GoFuckYourself.com - Adult Webmaster Forum - View Single Post

GapingWound · 11-29-2003, 01:38 PM

FTP is totally unsecure. If anyone is listening at any of the hops you cross to get to your server, they can get your username, password and the files you are sending.

SFTP is only marginally more secure, as it encrypts the control channel (password, put and get commands, etc.), but not the data channel (the actual file data that gets sent).

SSH is the most secure of the 3, but as mentioned above, certain versions have had security problems. However, SSH is not a file transfer protocol, it is a simple communications protocol.
Many types of tasks can be accomplished through SSH "tunneling".

SSH tunnels are a way of redirecting traffic that normally travels on an open port, like 21, through the SSH secure port, 23, out to the server. This allows you some extra security, since traffic sent through an SSH tunnel is encrypted, AND appears to the server as having come from localhost, so if you wanted to use SSH, you could set up your ftp daemon on your server to only respond to requests from localhost. The same can be done for MySQL as well.

Basically, SSH can be used to securely tunnel pretty much any kind of traffic to the server.

You can find more information by googling for "SSH Tunneling" or "SSH Tunneling howto"

11-29-2003, 01:38 PM
GapingWound Registered User Join Date: Oct 2002 Posts: 96	FTP is totally unsecure. If anyone is listening at any of the hops you cross to get to your server, they can get your username, password and the files you are sending. SFTP is only marginally more secure, as it encrypts the control channel (password, put and get commands, etc.), but not the data channel (the actual file data that gets sent). SSH is the most secure of the 3, but as mentioned above, certain versions have had security problems. However, SSH is not a file transfer protocol, it is a simple communications protocol. Many types of tasks can be accomplished through SSH "tunneling". SSH tunnels are a way of redirecting traffic that normally travels on an open port, like 21, through the SSH secure port, 23, out to the server. This allows you some extra security, since traffic sent through an SSH tunnel is encrypted, AND appears to the server as having come from localhost, so if you wanted to use SSH, you could set up your ftp daemon on your server to only respond to requests from localhost. The same can be done for MySQL as well. Basically, SSH can be used to securely tunnel pretty much any kind of traffic to the server. You can find more information by googling for "SSH Tunneling" or "SSH Tunneling howto"