Differences between sftp and FTP

OpenSSH's stfp and IBM® Communications Server’s FTP with System SSL differ from each other. OpenSSH's stfp is an Open Source implementation of the IETF Secure Shell (SECSH) SSH File Transfer Protocol Internet Draft. OpenSSH uses a statically linked LibreSSL cryptographic library, System SSL, or ICSF to perform its cryptographic functions. OpenSSH provides some key management facilities with the ssh-keygen command. However, this support is not integrated with System SSL support provided by IBM. OpenSSH uses the security product when performing password authentication and when extracting keys from certificates associated with SAF key rings. The public key authentication processing itself is overseen by the OpenSSH daemon.

For information about the IETF SECSH internet drafts, see RFCs and Internet drafts.

The Communications Server FTP server and client support Transport Layer Security (TLS). The FTP client and server negotiate the use of TLS based on a subset of the FTP security negotiation functions documented in RFC 2228. FTP uses z/OS® System SSL, and therefore can use the cryptographic hardware. For more information about FTP, see TLS-enabled FTP in z/OS Communications Server: IP Configuration Guide.

Because stfp and FTP with System SSL do not use the same protocol, they cannot communicate with each other to establish a secure session.

OpenSSH's stfp support does not include built-in support for MVS data sets. For alternate ways to access MVS data sets within stfp, see Accessing MVS data sets within sftp.