0 votes
by (630 points)

SFTP Rebex client can communicate with SFTP server running on Windows / Linux / RTOS.
Can you confirm this?

Also SFTP v3 & v4 is supported by Rebex. I see there is v5 & v6.
Will the Rebex SFTP client have to be updated when the SFTP server is moved from v4 to v6?

Applies to: Rebex SFTP

1 Answer

0 votes
by (145k points)

Rebex SFTP should be able to communicate with SFTP servers running on Windows / Linux / RTOS as long as they implement SSH v2 protocol and a compatible set of cipher suites.

But the answer to the other question is more complex.

Short answer:

SFTP v3 is currently the de-facto industry standard and it's not going away any time soon. As far as we know, it's supported by all SFTP servers - even those that support v4, v5 or any of the different interations of v6 as well. Removing SFTP v3 support is not really an option for SSH client/server vendors because it would make their products incompatible with OpenSSH (SSH implementation with the largest market share), which only supports SFTP v3 and has no plans to add support for the higher versions.

Long answer:

The SFTP protocol never became a proper standard. It is described by series of IETF draft documents that have been expired for more than 10 years - the final version never materialized.

The main reason for this unfortunate state is that the evolving protocol specification started to get somewhat out of hand when SFTP v4 draft was published, and this progressed even further with v5 and v6 drafts. Those higher versions incorporated new features that were perceived as unnecessary and too complex by a substantial share of SSH vendors and users, and never gained much traction. Finally, the SFTP standardization process became stuck when the IETF working group responsible for SSH decided to cease working on it in 2006.

Due to this, the higher versions have not been universally adopted, which left us with SFTP v3 as a de-facto standard. The most vocal critics of higher versions include OpenSSH developers - in their words, "more recent versions of the [...] drafts [...] are hopelessly bloated and broken" and OpenSSH won't ever be supporting those more recent drafts (v4 to v6). They apparently consider them to be a dead-end.

Therefore, we too consider SFTP v3 to be a de-facto standard - a common protocol all SFTP servers implement. On the other hand, SFTP v4, v5 and v6 are not universally adopted - they are expired drafts that some vendors choose to support (usually partially) in addition to SFTP v3 (either because they do in fact add some useful features for niche scenarios, or because support for them looks good on a 'supported protocols list').

This said, if our customers encounter a scenario where SFTP v5 or v6 is required, we would consider partially implementing it as well. But this has not occurred so far.

Additionally, some of the useful features of SFTP v6 are extensions, and we do support a majority of them - they are compatible with SFTP v3/v4. We support OpenSSH SFTP extensions as well.