CloudStick is a server control panel for developers and agencies that lets you manage cloud servers on AWS, DigitalOcean, Vultr, Linode, and Hetzner without using the command line. Plans start at $9/month — the Basic plan covers 1 server with unlimited websites; Pro at $19/month and Business at $49/month cover unlimited servers.

Will features I pay for ever get moved to a higher plan?

No. CloudStick is committed to keeping all features you currently pay for within your existing plan. New features may be added to higher tiers, but existing plan features will never be removed or require a forced upgrade.

What happens to my servers if I cancel CloudStick?

Your servers remain fully operational after cancellation. CloudStick does not host your servers — it manages them. If you cancel, you lose access to the CloudStick dashboard, but your servers continue running on your cloud provider.

Is there a free trial for CloudStick?

Yes. CloudStick offers a 7-day free trial on all paid plans with no credit card required. You can explore every feature and upgrade, downgrade, or cancel at any time during or after the trial.

SSH & ACCESS

June 24, 2026

SSH vs SFTP vs FTP: What's the Difference?

7 min read

CloudStick Team

DevOps Engineer

Share this article

SSH vs SFTP vs FTP

What Is SSH?

SSH (Secure Shell) is a cryptographic network protocol for remote server access and management. It runs on port 22 by default and encrypts the entire session — commands, responses, file transfers, and tunneled traffic. SSH is how developers and DevOps engineers connect to and manage Linux servers from the command line.

SSH also serves as the transport layer for other tools. SFTP runs over SSH. Git over SSH uses it. Port forwarding uses it. VS Code Remote SSH uses it. When people say "set up SSH" for a server, they mean configuring the OpenSSH daemon (sshd) and creating key pairs for authentication.

What Is FTP?

FTP (File Transfer Protocol) is the original file transfer protocol, dating to 1971. It uses port 21 for control and a dynamic data port. The critical problem: FTP sends everything in plaintext — username, password, and file contents are all transmitted unencrypted. Anyone on the same network path can intercept them with a packet sniffer.

FTP should never be used over the public internet. It survives in modern infrastructure only for legacy systems, internal networks behind strict firewalls, and specific hosting control panels that haven't updated. FTPS (FTP Secure) adds TLS encryption to FTP and is a separate, more secure protocol — but SFTP is still the preferred choice for new setups because it requires no separate configuration beyond SSH.

What Is SFTP?

SFTP (SSH File Transfer Protocol) provides file transfer capabilities over an SSH connection. Same port (22), same encryption, same SSH key authentication. If SSH is available on a server, SFTP works without any additional setup.

SFTP is not "FTP with encryption" — it is a completely separate protocol built on SSH. The similar name causes widespread confusion, but they share no code, no protocol mechanics, and no port. When someone says "set up SFTP", they mean SSH-based file access, not FTP with a TLS wrapper.

SFTP supports upload, download, directory listing, renaming, permissions management, and symbolic links — everything needed for managing files on a remote server. SFTP replaced FTP as the standard for secure web server file access.

Side-by-Side Comparison

Protocol  Port  Encryption    Auth              Use Case
──────────────────────────────────────────────────────────────────
SSH       22    AES/ChaCha20  Keys / Password   Remote shell, commands
SFTP      22    AES/ChaCha20  Keys / Password   File transfer (secure)
SCP       22    AES/ChaCha20  Keys / Password   Quick file copy (SSH)
FTP       21    None          Password only     Legacy / internal only
FTPS      21    TLS           Password / Cert   FTP with encryption
# SSH, SFTP, and SCP all use the same SSH protocol,
# share port 22, and use the same key authentication.

When to Use Which

Use SSH when you need to run commands, manage the server, restart services, or execute deployment scripts.

Use SFTP when you need interactive file management — browsing directories, uploading builds, downloading logs, or giving clients access to a specific folder via a GUI client like FileZilla or Cyberduck.

Use SCP for quick one-off file copies in scripts. Faster than SFTP for single files since it skips the interactive negotiation phase.

Use rsync over SSH for directory syncing and incremental backups: rsync -avz -e ssh ./dist/ user@server:/var/www/ — only transfers changed files.

Never use plain FTP over the public internet. Use SFTP instead — it requires no extra server configuration and is strictly more secure.

CloudStick FTP & SFTP

CloudStick provides SFTP on all plans and plain FTP on Basic and above. The Free plan is SFTP-only — a practical security benefit since there's no temptation to enable the less secure protocol. Both are configured from the FTP Access section in each website's panel, where you create users scoped to specific directories with automatic chroot.

Recommendation: use SFTP for all new integrations. Only enable plain FTP if a specific legacy tool requires it — and only on a private network or behind a VPN. CloudStick's chrooted SFTP users are the right way to give clients or contractors access to a single website without exposing the rest of the server.

How to Use SFTP to Transfer Files Securely

A practical guide to SFTP commands, GUI clients, and integrating SSH key auth for secure file access.

How to Secure SSH with Keys and Disable Password Login

All SSH-based tools — SFTP, SCP, rsync — benefit from key hardening. Set it up once for every protocol.