• some of the server implementations appear to be buggy and/or not totally spec compliant.
  • SFTP is a “subsystem” mechanism of SSH, slightly vaguely defined at the connection protocol RFC-4254 layer of the SSH arch. first you have to open a session, then you can start a shell, execution of some command, or a “predefined subsystem” on the server. SFTP is one of the latter.
  • it turns out there are actually a whole bunch of different SFTP versions, not one of which appears to have made it to an official RFC number from IETF, all remain personal or official drafts. oh, and the only “SFTP” that actually got and RFC number, RFC-913 (from 1984) is not it. :)
  • to make things more interesting, SFTP versions are NOT exactly backwards compatible, so v3, v4 and v5 modes need to be explicitly supported. the differences are minor and mostly incremental, but still…
  • SFTP v3 (2001, 29p. drafts -00 through -02 incrementally refine the definition of v3 of the protocol) seems to be the most popular and widely implemented, including by openssh, some servers added custom extensions (statvfs@openssh.com, hardlink@openssh.com. and yup, those are the names!).
  • SFTP v4 (2002, 38p and SFTP v5 (2004, 50p) seem to be better - while still reasonable - protocols, WinSCP client impls them, but not sure which servers do. these versions add UTF-8 support, they’re more cross platform friendly and have 64-bit timestamps.
  • SFTP v6 (8 drafts between 2004 and 2006, culminating in 60p -13) seems to be a design-by committee monster of a spec, twice as large as the v3, and - predictably - no meaningful adoption.
  • at least since v3, SFTP includes support for “vendor extensions”, some of which were actually defined in the various SFTP drafts themselves, coming and going through the revisions. some of those seem handy, e.g.:
    • copy-file (ProFTPD/mod_sftp) - server side copy?
    • check-file (standard ext, methinks) - file Hashing - this extension allows a client to easily check if a file (or portion thereof) already matches what is on the server.
    • space-available - this extension provides a way to discover the available space.
  • in 2006 there was a belated effort to standardize the extensions, but this came during the later, v6 days of the protocol, and it refs: draft -10 as the base protocol. dunno about its adoption status, but it’s unlikely.
  • today, stock OpenSSH server actually has 2 SFTP implementations, the differences between which are mostly relevant to the users (think chroot):
    • the original standalone ‘sftp-server’ binary, to be forked by sshd, which you can force by putting something like the following in your sshd_config (you’ll need to find where the binary lives first, it’s not in the $PATH): Subsystem sftp /usr/lib/openssh/sftp-server
    • the more recent internal subsystem ‘internal-sftp’, which you can force by the following config instead: Subsystem sftp internal-sftp
  • OpenSSH extensions, bugs and non-standard hacks were documented by the libssh folks at some point by the past, but keep in mind that that’s the pot calling the kettle black.
  • ProFTPD/mod_sftp has a list of extensions

some general external links: