Differences between sftp and FTP

OpenSSH's sftp and IBM® Communications Server’s FTP with System SSL differ from each other. OpenSSH’s sftp is an Open Source implementation of the IETF Secure Shell (SECSH) "SSH File Transfer Protocol" Internet Draft. OpenSSH uses a statically linked OpenSSL cryptographic library, System SSL, or ICSF to perform its cryptographic functions. OpenSSH provides some key management facilities with the ssh-keygen command. However, this support is not integrated with System SSL support provided by IBM. OpenSSH uses the security product when performing password authentication and when extracting keys from certificates associated with SAF key rings. The public key authentication processing itself is overseen by the OpenSSH daemon.

For information about the IETF SECSH internet drafts, see RFCs and Internet drafts.

The Communications Server FTP server and client support Transport Layer Security (TLS). The FTP client and server negotiate the use of TLS based on a subset of the FTP security negotiation functions documented in RFC 2228. FTP uses z/OS® System SSL, and therefore can use the cryptographic hardware. For more information about FTP, see z/OS V2R2.0 Communications Server: IP Configuration Guide.

Because sftp and FTP with System SSL do not use the same protocol, they cannot communicate with each other to establish a secure session.

Restriction: OpenSSH's sftp support does not include built-in support for MVS™ data sets. For alternate ways to access MVS data sets within sftp, see Accessing MVS data sets within sftp.