FTP and Encryption for Users

I have 3 users that I want to be able to access an FTP server that I have. Each user will have their own directory, and each will have their own login and password. I would like them to be able to upload the data using an FTP client such as FileZilla.

The issue is that I would like them to be able to upload the data securely. I understand that on a website you can have an SSL certificate with 256 bit encryption, but could someone please explain to me (or direct me where to learn):

1) what is the "FTP equivalent" of having an SSL certificate for a website?

2) I've read about sftp and ssh, but I'm confused as to how to put it all together. Can you configure sftp or ssh to have 256 bit encryption?

Thank you.

Basically I want them to be able to upload to their FTP directory with an "SSL certificate".

Thanks

You can't use an SSL certificate with FTP in the same way that you do in a browser. There isn't really an equivalent, FTP as a protocol doesn't support encryption.

SSH is always encrypted. SFTP goes hand in hand with SSH, but from a user's perspective it operates pretty much the same as FTP. The underlying protocol is different through.

So you are saying that SFTP is a secure version FTP, that runs through SSH?

Is that correct?

And then what is the encryption level with SFTP? 128, 256? Or does that not apply?

SFTP is not a secure version of FTP, it isn't a version of FTP at all despite the name.

However, SFTP does have the same purpose as FTP (file management) and uses SSH to connect to the server and encrypt the connection. FileZilla has built in support for SFTP. Some other FTP clients do as well, but since SFTP is not a version of FTP not all FTP clients also support SFTP (as I mentioned before, SFTP is a completely different protocol). OpenSSH is the SSH server deployed on most servers and it has SFTP support built in.

The connection is encrypted at whatever bit level your SSH server is configured to encrypt data at. Usually that is either 128 or 256 bits. You can't run SSH without encryption.

Actually I wasn't entirely correct earlier when I said that there wasn't a secure version of FTP. There is an extension to the FTP protocol called FTPS which is a secure version of FTP and does use certificates. I don't think that this protocol is widely used although it might be readily available. FTPS does not use SSH.

At the risk of making this even more confusing, let me say that you can technically tunnel an FTP connection through an SSH connection, but this requires advanced configuration on the client side to get it working. Plus, since the vast majority of SSH server installations support SFTP out of the box it's kind of pointless since you can just use SFTP instead.

Easy way is to use a VPN.

With that said

FTPS (FTP-SSL) is a real ftp that uses TSL/SSL to encrypt the control session and if required the data session. With FTPS the control session is always encrypted, but the data session might not be.

SFTP (Secure File Transfer Protocol) is a secure replacement for FTP (File Transfer Protocol) based on the Secure Shell protocol. Unlike FTP, SFTP encrypts both commands and data providing effective protection against common network security risks.

Many FTP servers support secure FTP transfers like proftp and vsftp, However the encryption is usually not supported in web browsers and a ftp client would be needed.


SCP (Secure Copy) is a non-interactive command-line tool for securely transmitting files from a machine to another. It is a secure replacement for RCP and provides a similar command-line syntax. SCP is strongly based on SFTP but is often a more suitable choice when setting up unattended file transfers using scripts.

SSL is not related to FTP server..
if want give permission to your existing users then you need to create a 3 ftp user and give the file permission by rightclicking of the particular folder or a Root directory..ftp commands chmode..