I’ve been using Van Dyke Software’s SecureFX for a long time for FTP transfers. It’s a decent software, but I’ve always found its user interface a bit clumsy (floating windows inside a master window..). Recently the need for secure connections has become increasingly important, and SecureFX doesn’t support Explicit FTPS, or “FTPES”. The difference of the “explicit” and “implicit” FTPS was well described on a page found on Enterprise Distributed Technologies site:
Before the FTPS Internet Draft was published a somewhat abortive attempt at offering a secure version of FTP was made. This is now referred to as implicit FTPS. It is a very simplistic technique which involves using standard secure TLS sockets in place of plain sockets at all points. Since standard TLS sockets require an exchange of security data immediately upon connection, it is not possible to offer standard FTP and implicit FTPS on the same port. For this reason another port needs to be opened – usually port 990.
Implicit FTPS is in the process of being phased out in favour of FTPS as described in the Internet Draft. This newer variant of FTPS is now referred to as explicit FTPS. It has a some substantial advantages over implicit FTPS:
- It is a standard extension of FTP and is therefore supported by most FTP servers.
- It uses standard FTP ports meaning that there is no need to open addition ports in firewalls when upgrading from FTP to FTPS.
- It is more flexible in that it allows security to be turned off and on in a single session.
- It is compatible with the RFC2228 standard.
I decided to review some other FTP clients at hand. The excellent Filezilla would be perfect, except it doesn’t yet support RSA-key based SFTP authentication making it unsuitable for accessing the roots of remote systems. Its Explorer integration was also imperfect in that attempting to drag a file from a connected ftp site to the desktop (outside of the program window) resulted in an error.
I tried FTPRush, but gave up on it after a while — could not get FTPES working properly. It probably would work, but the reason for why it did not work was not obvious.
WinSCP offers SCP/SFTP (both key and password based), but it doesn’t support FTPS, explicit or implicit.
CuteFTP Pro supports all three connectivity types, but while existing key types can be defined, it’s finicky on the format of the key (I could not get an externally generated key working). Additionally it only supports *one* RSA key globally for all profiles AND it doesn’t allow dragging-and-dropping items from a connected remote site to the local desktop or other explorer location (i.e. outside of the application window). I crossed it out.
I looked at the screen shots of CoreFTP.. and they were enough to convince me I would not want to try it.
Finally, I gave the latest version of the ‘ol WS_FTP Professional by Ipswich systems a try, and found all three connectivity types easily configured. It also wants to generate RSA keys itself, but at least each profile can have its own key and drag-and-drop out of the application window works. Seems it’s the winner, for now (Filezilla holds a lot of promise — once they implement RSA key authentication it may well come out at the top.. especially since it’s free software).
N.B.
Two other slightly different kind of FTP clients worth mentioning here are WebDrive and SFTP Drive which map Windows drive letter(s) to remote FTP site(s). Both work very well; WebDrive is a bit more configurable (and a bit more expensive) of the two. Both support SFTP (password or RSA key pair authentication), WebDrive additionally supports WebDAV, Amazon S3, and insecure FTP. Neither program offers support for FTP(E)S. (Update: read the post comments regarding FTPS support in WebDrive.)