For uploads is ssh safer then useing ftp? and is haveing ftp access on your server a security risk at all?
ftp vs ssh
Collapse
X
-
-
SSH sends your password in an encrypted form while FTP sends it plaintext. Anyone capable of sniffing your traffic can grab your password easily. That being said, I would recommend SFTP or SSH for all your remote needs.Originally posted by bigdog
For uploads is ssh safer then useing ftp? and is haveing ftp access on your server a security risk at all?
Whether or not having FTP on your server is a security risk or not depends on how good you or your techs are at keeping up with patches. SSH can be unsecure as well for the same reasons.Comment
-
FTP is totally unsecure. If anyone is listening at any of the hops you cross to get to your server, they can get your username, password and the files you are sending.
SFTP is only marginally more secure, as it encrypts the control channel (password, put and get commands, etc.), but not the data channel (the actual file data that gets sent).
SSH is the most secure of the 3, but as mentioned above, certain versions have had security problems. However, SSH is not a file transfer protocol, it is a simple communications protocol.
Many types of tasks can be accomplished through SSH "tunneling".
SSH tunnels are a way of redirecting traffic that normally travels on an open port, like 21, through the SSH secure port, 23, out to the server. This allows you some extra security, since traffic sent through an SSH tunnel is encrypted, AND appears to the server as having come from localhost, so if you wanted to use SSH, you could set up your ftp daemon on your server to only respond to requests from localhost. The same can be done for MySQL as well.
Basically, SSH can be used to securely tunnel pretty much any kind of traffic to the server.
You can find more information by googling for "SSH Tunneling" or "SSH Tunneling howto"icq: 119 4580Comment


Comment