SFTP vs FTPS

Question

edtFTPj/PRO Supports both FTPS and SFTP.

While FTPS and SFTP are completely different protocols, they offer the same basic feature

Answer 1

Your article states "SFTP uses keys rather than certificates" - What kind of keys, the SSH RFCs refer to host keys and seem to imply asymetric technology but I'm having difficulty understanding them.

The article also states "SFTP clients must install keys on the server", please explain why this is so. The SSH RFCs seem to indicate that the major issue is the client verifying the server key and server identy association rather than the server having to evaluate a client key.

Thank you for your help, I'm trying to understand the technology and any assistance would be appreciated.

Answer 2

SSH uses asymmetric keys - public/private key pairs.

Servers must be able to identify the client (as it is essentially logging into the server), hence the client public key must be installed on the server.