SFTP is a secure form of the FTP command. Whenever a user opens up a regular FTP session, the entire transmission made between the host and the user is sent in plain text. Anyone who has the ability to snoop on the network packets can read the data, including the password information. If an unauthorized user can login, they have the opportunity to compromise the system.
When using SFTP instead of FTP, the entire login session, including the transmission of the password, is encrypted. It is therefore much more difficult for an outsider to observe and collect passwords from a system using SSH/SFTP sessions.
To begin, you will need to have an SFTP client installed on your computer. For this example, I will be using FileZilla, which is a free FTP/SFTP client that can be installed on any platform; however, you may use any SFTP client that you want.
Next, you will need the following information:
- Host Name: This is your application's web address (remove the http://)
- Username: This is your application's system username
- Password: This is your application's system password
- Port: 22
Login using your SFTP Client