Bitvise SSH Server: Compatibility with FTPS Clients

In SSH, compatibility rarely comes at the expense of security. Therefore, when used with clients supporting SSH, SFTP and SCP, Bitvise SSH Server attempts to be compatible with the widest possible variety of file transfer clients.

Bitvise SSH Server also supports FTPS - FTP over TLS/SSL. The FTP protocol has a longer history than SSH and is originally rooted in an insecure, unencrypted design. FTPS clients vary greatly in the security measures they support for FTP. Therefore, Bitvise SSH Server is compatible with FTPS clients more selectively than in the case of SSH, SFTP and SCP clients.

To be compatible with Bitvise SSH Server, an FTPS client must:

  • Support explicit TLS started using AUTH TLS at the beginning of the FTP control connection.

  • Use FTP passive mode.

  • Support TLS for data connections, and use TLS resume functionality for data connections.

Enabling FTPS

FTPS is available in Bitvise SSH Server versions 8.xx and newer. Older versions do not support FTPS.

FTPS is disabled in the SSH Server by default. An administrator may prefer to use Bitvise SSH Server for only SSH, SFTP or SCP.

FTPS requires at least one additional port. If there is another FTP server on the system, it may be using that port already.

In SSH Server versions 8.xx, you can enable FTPS in Easy settings, on the Server settings tab. Alternately, you can configure FTPS bindings in Advanced settings, under Bindings and UPnP.

Compatible FTPS Clients

We cannot guarantee compatibility between all versions of Bitvise SSH Server and each client. However, our testing has confirmed that the following FTPS clients were compatible with Bitvise SSH Server at some point:

Product Version Platform Notes
3D-FTP9.07WindowsClient did not verify FTPS certificate
AnyClientWindows
Auto FTP Manager6.01Windows
Beyond Compare4.1.6 build 21095Windows
cURLLinux
Cyberduck5.0.11.20753Windows
Directory Opus11.19Windows
Far Managerv3.0 build 4747Windows
FetchMac
FileZilla3.38.1Windows
FlashFXP5.4.0 build 3939Windows
FTP Manager Lite2.1Windows
SmartFTP8.0.2242Windows
Steed (FTP)1.2.0.1147Windows
Total Commander8.52aWindows
TransmitMac
WinSCP5.13.4 (Build 8731)WindowsSFTP and SCP work. FTPS worked on Windows 8.1 and Windows 10, but not on older Windows versions because WinSCP did not use TLS resume for data connections.

Semi-Compatible FTPS Clients

We were able to use the following FTPS clients with Bitvise SSH Server after adjusting client settings:

Product Version Platform Notes
CuteFTP9WindowsEnable Global Options > Security\SSL Security > Reuse cached session for data connection
lftpLinuxIn ~/.lftp/rc, add line: set ftp:ssl-protect-data yes
WS_FTPWindowsEnable Site options > Advanced\SSL > Reuse SSL session

Incompatible FTPS Clients

We were not able to use the following FTPS clients with Bitvise SSH Server:

Product Version Platform Notes
Beyond FTP3.3.01WindowsSSH (SFTP) worked, FTPS did not work due to incompatible algorithms. When we checked, it was last updated in 2010.
BitKinex3.2.3WindowsClient would disconnect before completing SSL negotiation. When we checked, it was last updated in 2010.
Core FTP (LE)2.2WindowsSSH (SFTP) worked, FTPS did not work because it did not support TLS resume for data connections. When we checked, it was last updated in 2016.
Commander OneMacSSH (SFTP) worked, FTPS did not work
CrossFTP1.97.8WindowsSSH (SFTP) worked, FTPS did not work because it did not support TLS resume for data connections. When we checked, it was last updated in 2016.
ExpanDriveWindowsSSH (SFTP) worked, FTPS did not work because it did not support TLS resume for data connections. When we checked, it was last updated in 2016. Client did not verify SSH host keys or FTPS certificates
FTP Commander (Deluxe)WindowsDisconnected at authentication stage.
FTP VoyagerWindowsSSH (SFTP) worked, FTPS did not work due to incompatible algorithms. When we checked, it was last updated in 2014.
FTP Rushv2.1.8WindowsSSH (SFTP) worked, FTPS did not work because it did not support TLS resume for data connections. When we checked, it was last updated in 2011. Client did not verify SSH host keys or FTPS certificates
InterarchyMacSSH (SFTP) worked, FTPS did not work
Syncplify.me FTP!1.0.11.31WindowsSSH (SFTP) worked, FTPS did not work because it did not support TLS for data connections
Sysax FTP Automation1.0.11.31WindowsSSH (SFTP) worked, FTPS did not work because it did not support TLS resume for data connections. When we checked, it was last updated in 2016.
WebDrive2018.0OSXSSH (SFTP) worked, FTPS did not work
WebDrive3.2.3IOSSSH (SFTP) worked, FTPS did not work
WISE-FTP9WindowsSSH (SFTP) worked, FTPS did not work because it did not support TLS for data connections. Client did not show fingerprint during SSH host key verification; did not verify FTPS certificate by default
Yummy FTPMacSSH (SFTP) worked, FTPS did not work