Here is a story between the difference between ssh and telnet. The same lesson learned can be applied to sftp vs ftp.
My room-mate at the time asked me what the difference was between ssh and telnet.
So I set up a telnet server on computer. I then created an account for him. I logged him in to my compuer on his computer and said "change your password, just don't let me see it". He changed his password.
I then told him to log into my server using telnet. But first I started wireshark on my computer, so I could capture packets coming into my server.
1 minute later I walked into his room with a post-it-note and said "here is the password that you miss-typed the first time that you tried to log in, and here is your correct password that you typed in the second time.
I then told him to log in using ssh. I showed him the output from the packets I captured. The password was encrypted with ssh and I could not determine his password.
Last edited by binary_pearl; 02-07-2011 at 10:34 PM.
Reason: Had the order of the story a bit wrong. I said I started wireshark too soon. An asute observer would have noticed the flaw.