Why every hosting provider doesn’t provide ssh/sftp support ? Perhaps because crypting/decrypting large amount of data requires a lot more CPU cycles than sending them in clear.

Crypto acceleration cards cost a lot of money, I think it’s why you only find secure connections on middle/high-end hosting.

For people who are really serious about security, a small dedicaced server worths the price.

That’s silly: SFTP has problems of its own. There’s no perfect solution, but most regular FTP servers can support SSL or TLS encryption, making them secure.

Many of his other complaints are legitimate issues from his point of view as someone who writes an FTP client. But from a hosting provider’s point of view:

• SFTP requires you to use real accounts for each user.
• Whereas, regular FTP servers support “virtual” users who do not need an actual Unix account.
• SFTP requires each account to have an actual shell, since some of its functionality is accomplished by remotely executing commands. Usually that means the user can actually log in and get a shell prompt on your server using SSH — not a good thing if all you want to do is enable file transfers for your customers.
• Regular FTP servers do not require users to have a shell, or even a Unix account on the server.
• With regular FTP servers, adding a new virtual account can be as simple as adding a row to a database table. The users are restricted to their own directory (which can also be specified in the database).

To mitigate these problems, you can use various “fake” shells that provide just enough functionality to support SFTP. But that’s kind of dodgy and not nearly as simple as the virtual users approach.

For small-scale use (i.e., a few users whom you trust with a shell account), SFTP is great.

For commercial users, FTP-TLS can be a better choice, especially if you only want to enable file transfers and aren’t looking to give every user a shell account.

With that said, if your hosting provider doesn’t provide SFTP or FTP-TLS, then yes, dump them!

Nate, you make several good points from the POV of a hosting provider that I hadn’t considered.

Encryption is important, and FTP-TLS does provide that, but it doesn’t help with any of the other issues, as it’s just the same old protocol tunneled over a secure connection.

We get daily emails from users baffled by why “simple” things like setting modification dates or changing permissions won’t work for them. Or why they get timeouts when trying to upload or download something, even though it works fine for the guy down the hall. We can sometimes resolve these problems, but a lot of the time, it’s genuinely a server problem that we can’t fix without breaking some unknown other number of users with the opposite problem.

It’s an unwinnable balancing act that we workaround as best we can, but there is no 100% reliable set of workarounds that works for everybody as there are simply so many different varieties of FTP server, each with their own unique bugs and behaviors. A great deal of buggy servers don’t even uniquely identify themselves, so we can only guess which set of workarounds to apply.

SFTP provides a better experience at the end-user level. For people who want to just get a file from here to there, it just works. And that’s why I think it’s a better option for the future.

I had to register just to chime in on this one. If your host can’t afford to do real SFTP then you’re only paying a nickel for the service. Merlin already mentioned A2 having SFTP and their prices are stupid cheap, Dreamhost is the same. Worse comes to terrible you can get a VPS for 20$ and set up your very own SFTP server.

There simply isn’t a valid argument to be made for using anything less than SFTP. If your host can’t afford to handle SFTP then it’s already going out of business.

If you're developing websites or editing live websites over ftp or sftp you're already shooting yourself in the foot. Put that sucker in a revision control system like yesterday and use it as your deployment and change control conduit.

I’m a web developer and I can’t tell you how many clients actually make SFTP a requirement for server transfers. It’s practically an industry standard now. And, yeah, from my experience it seems a lot more stable. Just the other day I had a ton of problems getting a batch of smaller files uploaded to a Media Temple site due to the bludgeon of time outs. Makes me wonder if I would have had the same issues if the connection was done via SFTP instead of standard FTP.

To enable SFTP (port 22) on the mediatemple grid-service; you have to enable SSH for the user in AccountCenter.

I mean, there are several cleartext protocolls, FTP is just one of them. POP3 (used for accerssing mailboxes ) is another one. I always wonder how could people use this sevices while using open wifi acces ponts.

Sorry, but I have to wake you up, the Internet is not a safe harbour, it is dan-ge-rous!

If you are using or plan to use remote services, ask your security staff for suggestions and take them seriously.

I’ve been putting this off for a while. I simply saw no advantage, and didn’t know fully what was entailed with the setup.

45 seconds later, I’m ready to go.

I have no idea why, but my server uploads just sped up by a factor of 10, downloads by 20.

Transmit = i like

Thanks again.

MacHappens