FTP Client Update

Last fall I wrote about various (S)FTP(ES) clients, and in that article mentioned that secure authentication with popular open source FTP server pureFTPd did not work with VanDyke Software’s SecureFX FTP client as it lacks the option to use unencrypted data channel – a requirement with pureFTPd. VanDyke Software is now working on a version 6.3 that will introduce that option; the new version should see daylight (in production) sometime toward the end of this year.

On a related note, I’ve been recently using for (S)FTP(ES) connections the winner of my FTP client comparison in the fall, Ipswitch WS_FTP Pro.  Ipswitch just recently released the version 12 of the software.  A quick run-down between the SecureFX and WS_FTP Pro quickly reveals that WS_FTP Pro gives more fine-grained control over many operations, and that the GUI of the product is more up-to-date than that of SecureFX (see screen shots below). While the SecureFX interface is rather utilitarian and is in need of an update, it has the benefit of being able to share the session list with VanDyke’s excellent terminal/SSH client SecureCRT. So perhaps you won’t need the extra features/options of WS_FTP Pro, and find the singular session list handy, then SecureFX is certainly worth a look. On the other hand, if you’re just looking for the best FTP client, I’d be inclined to recommend WS_FTP Pro at this time. The price tags of the products likely reflect the differences in features and looks: SecureFTP is priced at $59.95 compared to the $89.95 price-tag of WS_FTP Pro.


Ipswitch WS_FTP Pro

The Best (S)FTP(ES) Client!

I’ve been using Van Dyke Software’s SecureFX for a long time for FTP transfers. It’s a decent software, but I’ve always found its user interface a bit clumsy (floating windows inside a master window..). Recently the need for secure connections has become increasingly important, and SecureFX doesn’t support Explicit FTPS, or “FTPES”. The difference of the “explicit” and “implicit” FTPS was well described on a page found on Enterprise Distributed Technologies site:

Before the FTPS Internet Draft was published a somewhat abortive attempt at offering a secure version of FTP was made. This is now referred to as implicit FTPS. It is a very simplistic technique which involves using standard secure TLS sockets in place of plain sockets at all points. Since standard TLS sockets require an exchange of security data immediately upon connection, it is not possible to offer standard FTP and implicit FTPS on the same port. For this reason another port needs to be opened – usually port 990.

Implicit FTPS is in the process of being phased out in favour of FTPS as described in the Internet Draft. This newer variant of FTPS is now referred to as explicit FTPS. It has a some substantial advantages over implicit FTPS:

  1. It is a standard extension of FTP and is therefore supported by most FTP servers.
  2. It uses standard FTP ports meaning that there is no need to open addition ports in firewalls when upgrading from FTP to FTPS.
  3. It is more flexible in that it allows security to be turned off and on in a single session.
  4. It is compatible with the RFC2228 standard.

I decided to review some other FTP clients at hand. The excellent Filezilla would be perfect, except it doesn’t yet support RSA-key based SFTP authentication making it unsuitable for accessing the roots of remote systems. Its Explorer integration was also imperfect in that attempting to drag a file from a connected ftp site to the desktop (outside of the program window) resulted in an error.

I tried FTPRush, but gave up on it after a while — could not get FTPES working properly. It probably would work, but the reason for why it did not work was not obvious.

WinSCP offers SCP/SFTP (both key and password based), but it doesn’t support FTPS, explicit or implicit.

CuteFTP Pro supports all three connectivity types, but while existing key types can be defined, it’s finicky on the format of the key (I could not get an externally generated key working). Additionally it only supports *one* RSA key globally for all profiles AND it doesn’t allow dragging-and-dropping items from a connected remote site to the local desktop or other explorer location (i.e. outside of the application window). I crossed it out.

I looked at the screen shots of CoreFTP.. and they were enough to convince me I would not want to try it.

Finally, I gave the latest version of the ‘ol WS_FTP Professional by Ipswich systems a try, and found all three connectivity types easily configured. It also wants to generate RSA keys itself, but at least each profile can have its own key and drag-and-drop out of the application window works. Seems it’s the winner, for now (Filezilla holds a lot of promise — once they implement RSA key authentication it may well come out at the top.. especially since it’s free software).

Two other slightly different kind of FTP clients worth mentioning here are WebDrive and SFTP Drive which map Windows drive letter(s) to remote FTP site(s). Both work very well; WebDrive is a bit more configurable (and a bit more expensive) of the two. Both support SFTP (password or RSA key pair authentication), WebDrive additionally supports WebDAV, Amazon S3, and insecure FTP. Neither program offers support for FTP(E)S. (Update: read the post comments regarding FTPS support in WebDrive.)