SECURE FTP (SFTP, SSH, FTP over SSL)

There are many ways to send files over the internet.   You can just ftp a file, email a file, upload a file, or even share via a vpn.   This easy task of sending a file gets difficult when the information in the file needs to be secured.  I have seen / used many solutions to make a secure file transfer. Some use custom code (http and .net) others just use https and an upload feature, some add the use of file encryption (PGP or similar).  I have never found the best mix because it always depends on requirements or needs.  I have however found what works well with Windows / IIS.

There are 3 or 4 ftp servers I would recommend using with IIS that allow for secure ftp.  I won’t go into the benifits of each type of secure ftp (FTP over ssl, ssh, or sftp).  I will mention some of the products I have evaulated and used in my past projects:

Globalscape Secure ftp server (http://www.cuteftp.com/gsftps/) – This was the first secure ftp server I have ever installed an used.  I found it very easy to configure and integrate into an environment.  I was very successful using the Active Directory user model as well.  I think this may be the only product that can integrate with AD (don’t quote me)  The price for globalscape is also reasonable – $490 is not that much to pay for a reliable and supported server software.  I have used this product since the early days and found that version 2.0 was a bit buggy on 2003 (when Server 2003 came out)  However the Globalscape team updated the software and corrected the issues very quickly.  The newer version have been able to handle 1000′s of transactions for me in the past, with great reliability.  The secure part of the server worked well with almost any client, Filezilla (more on Filezilla to come) and also other vendors ftp clients.

Glub Tech – Secure FTP (http://www.glub.com/products/secureftp/) – This is the only product I have not used in a production environment.  The install is fairly painless, but I found the configuration and use a bit cumber sum. I also liked the price (25) but was not sure on the licensing if that was for the client or the server.  I only list this one because it is found on most searches.

Ipswitch – WS FTP server – (http://www.ipswitch.com/products/ws_ftp-server/index.asp?t=features)  Ipswitch also makes a fine product.  The cost $395 is very reasonable.  I found it was very easy to install but hard to navigate through the options.  I also have used this in a production environment for a few years and found the reliability very good.  The secure section of this product did not work well with other client than the IPswitch client.  I never got over the fact that it did not play well with other clients.

Filezilla server (http://filezilla.sourceforge.net/) – I did not discover this product until I had been using globalscape for about a year and a half.  When I fisrt stumbled upon it after using the Filezilla ftp client with the globalscape server.  I did not know what to make of beta ftp servers running in a production environment.  Since that time I have deployed this server in about 3- 5 environments with great success.   It is a fantastic FTP server as well as a Secure ftp server.   It allows you to use all the mentioned protocols above. If you are in need of sending secure files I would recommend trying this out.  You cannot beat the cost (FREE).
I hope this information helps out the next Admin that is in need of some secure file transfers.

It is worth mentioning some other products available. They may not be the same as Secure ftp but they do allow for secure communication.

OPEN SSH on windows – (http://sshwindows.sourceforge.net/ )  this is a little gem if you are willing to work through a tough install and configuration.  Once you have this running you can use Filezilla (client) and connect to a windows machine via SSH and use it like an ftp server.

SSL Explorer – (http://www.sshtools.com/showSslExplorer.do) – this is more of a vpn solution, but it works very well.  It creates a SSL based vpn and you can transfer files via that.  They offer a free solution for non commercial use.

UPDATE:

Since writing this post I have taken to using SSH or rather SCP to transfer files.   In the windows world I have had great success with freesshd.

FreeSSHd (or freeftpd): (http://www.freesshd.com/) a great windows implementation of ssh.  It allows you to set user information and rules.