I am using WinSCP 5.5.5, which gives the user the choice of FTP, SFTP, SCP protocols for remote access to website files. I chose to use SFTP.

My questions (indicated in bold numbers):

1. My understanding of SSH is that it requires a tunnel be used so that passwords and data can be encrypted. SSH can also be called 'tunneling'. Correct?

2. I assume that SFTP means SSH is added to FTP. Tunneling is required for it to be called SFTP, otherwise it's just FTP. Correct?

Two things happened with WinSCP:

  • I filled out SFTP session login details, and tried to login without going to "Advanced..." to enable SSH Tunnel settings. The connection went through without mention of any tunneling.

3. This confused me because I had chosen SFTP (FTP is an option of its own and comes with a separate "Advanced..."). Was I still using SFTP due to the lack of tunneling? Or is SFTP without tunneling actually FTP? Was encryption present, or does it require tunneling?

  • Next, I went to "Advanced..." > Connection > Tunnel > Connect through SSH Tunnel and marked that box to enable tunneling. Then upon re-connecting, it mentions I connected through a tunnel.

4. Okay. Is enabling the tunnel required for SFTP to, in fact, be SFTP? Or am I doing something like double encryption (adding extra overhead)?

Sorry about all the interrelated questions.

  • SSH tunneling means that you can open tunnels over a TCP port. You could tunnel FTP port and do FTP over a SSH tunnel (if you also have a FTP daemon running on the server), but that would be technically different than SFTP anyway.
    – LatinSuD
    Commented Sep 3, 2014 at 18:05
  • tunneling is when you use ssh -L or ssh -R Try cygwin's ssh so command line if you seek more understanding and like or are ok with the command line
    – barlop
    Commented Sep 3, 2014 at 18:45
  • @LatinSuD I've learned a few new things since posting the question. I understand now that FTP with a SSH tunnel is technically different from SFTP. Thanks for clarifying.
    – Trekker
    Commented Sep 6, 2014 at 1:19
  • @barlop Good suggestion. Also I'll check into what the -L and -R mean.
    – Trekker
    Commented Sep 6, 2014 at 1:21
  • @Trekker this may help superuser.com/questions/802756/ssh-tunneling-in-laymans-term/… see the paragraph that starts "There is a concept in SSH of local port forwarding, and remote port forwarding(reverse tunnel). "
    – barlop
    Commented Sep 6, 2014 at 11:31

1 Answer 1


My understanding of SSH is that it requires a tunnel be used so that passwords and data can be encrypted. SSH can also be called 'tunneling'. Correct?

SSH means "Secure shell". It's actually a multiplexed protocol with different functionalities (remote shell, file transfer, tunneling, etc.) all packed into the same connection.

I assume that SFTP means SSH is added to FTP. Tunneling is required for it to be called SFTP, otherwise it's just FTP. Correct?

You assume incorrectly. SFTP and FTP have nothing in common except for 3 letters and the fact that they both can be used to transfer files. Beyond that, they are different protocols with different implementations.

Tunneling, shell and SFTP are three different functionalities of the SSH protocol and can be enabled and disabled individually: you can allow shell and SFTP but not tunneling. You do not need tunneling for using SFTP/SCP.

  • Good to know more about the different functionalities of SSH. I believe it's important to learn things one step at a time, so thanks. Answer accepted.
    – Trekker
    Commented Sep 6, 2014 at 1:26

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .