As of February 2, 2009, FTP login is retired from servers in the Mason Cluster (mason.gmu.edu and www.gmu.edu) to improve security. Secure Shell File Transfer Protocol (SFTP), Secure Copy (SCP), and anonymous FTP are still supported.
Does My Application Support SFTP?
Note: Many of these applications do not use SFTP by default. Be sure to configure them to use SFTP.
|Application||Operating System(s)||SFTP Support?|
|Adobe (formerly Macromedia) Dreamweaver||Windows, Mac||Since MX 2004|
|Adobe (formerly Macromedia) Contribute||Windows, Mac||Since 2.0|
|FileZilla||Windows, Mac, Linux||Since 1.9.9|
|KompoZer||Windows, Mac, Linux||No|
|Adobe (formerly Macromedia) HomeSite||Windows||No|
|Microsoft Expression Web||Windows||No|
|Microsoft Office Sharepoint Designer 2007||Windows||No|
|Mozilla Composer||Windows, Mac, Linux||No|
|Netscape Composer||Windows, Mac, Linux||No|
|Nvu||Windows, Mac, Linux||No|
|WS_FTP Pro||Windows||Since 7.6|
If your application is not listed in the table, check your client documentation or with your vendor to determine if there is SFTP support and how to enable it. This Wikipedia entry also has an expanded table of FTP clients that may support SFTP.
What Should I Do If My Application Does Not Support SFTP
You have a couple options. If a newer version of the software supports SFTP, you could upgrade your application. Otherwise, you’ll need to replace your FTP client with a SFTP client.
Note: You can continue to use web page editors like Dreamweaver or Frontpage for design purposes, and then upload the files with a dedicated SFTP client.
The following dedicated SFTP clients are recommended:
Why Retire FTP Login?
The standard FTP protocol has no means to encrypt the user’s username, password, and file content as they are transmitted between the client and server. The protocol was developed at a time when having a reliable and efficient file transfer capability was more of a concern then safe guarding what is sent across the network.
Can FTP Be Used Securely?
FTP could be used safely but not without additional hardware or software and protocols to provide a secure environment for FTP sessions to operate safely. That is, the FTP protocol may be wrapped or protected by these additional layers (e.g., Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunneling, Internet Protocol Security (IPsec), Virtual Private Network (VPN)). Additional examples are:
- FTP over SSH, sometimes called Secure FTP
- FTP/SSL (also known as FTPS), similar to the HTTPS protocol
Will FTP Over SSH Continue To Work After FTP Is Retired?
No, FTP over SSH will no longer work. It uses the actual FTP protocol over a SSH connection. SSH will continue to work but there will be no FTP service on the system for your client to communicate with. You must use a SFTP client.
What’s the Difference Between SFTP and FTP Over SSH.
SFTP and FTP over SSH are two entirely different sets of protocols. SFTP uses the SSH File Transfer Protocol over a SSH connection. FTP over SSH uses a File Transfer Protocol (FTP) session over a SSH connection. Both SFTP and FTP over SSH are used over a SSH connection but SFTP is different from FTP. Supporting FTP over SSH is difficult to accomplish due to how FTP works so SFTP was created.
To make the matter even more complicated FTP over SSH is sometimes called Secure FTP. Some people mistakenly call SFTP Secure FTP. This is how it is explained in the SSH The Secure Shell The Definitive Guide 2nd Edition by Barrett, Silverman, and Byrnes:
“The name ‘SFTP’ is also misleading in that it suggests security; many assume it stands for ‘Secure FTP’. This isn’t so. The SFTP protocol has no security features at all; implementations derive their security by speaking the protocol over an SSH connection.”
The reason this is important to you is if you are using an application that is configured for SFTP, then you are fine. If it is configured for FTP over SSH then it won’t be able to login and transfer files after the FTP service is disabled.
Unfortunately some vendors mistakenly use the term “Secure FTP” when they mean SFTP. For example, Dreamweaver 8 Site Definition Advanced tab has a feature titled “Use Secure FTP (SFTP)”. The application actually is using SFTP, not FTP over SSH.
Last Updated: October 10, 2017