ftp vs ssh - GoFuckYourself.com

bigdog · 11-29-2003, 01:04 PM

For uploads is ssh safer then useing ftp? and is haveing ftp access on your server a security risk at all?

Juicy D. Links · 11-29-2003, 01:07 PM

Safest way is too put the stuff on cd then send it to data center via one of these

vending_machine · 11-29-2003, 01:14 PM

Quote:

Originally posted by bigdog
For uploads is ssh safer then useing ftp? and is haveing ftp access on your server a security risk at all?

SSH sends your password in an encrypted form while FTP sends it plaintext. Anyone capable of sniffing your traffic can grab your password easily. That being said, I would recommend SFTP or SSH for all your remote needs.

Whether or not having FTP on your server is a security risk or not depends on how good you or your techs are at keeping up with patches. SSH can be unsecure as well for the same reasons.

GapingWound · 11-29-2003, 01:38 PM

FTP is totally unsecure. If anyone is listening at any of the hops you cross to get to your server, they can get your username, password and the files you are sending.

SFTP is only marginally more secure, as it encrypts the control channel (password, put and get commands, etc.), but not the data channel (the actual file data that gets sent).

SSH is the most secure of the 3, but as mentioned above, certain versions have had security problems. However, SSH is not a file transfer protocol, it is a simple communications protocol.
Many types of tasks can be accomplished through SSH "tunneling".

SSH tunnels are a way of redirecting traffic that normally travels on an open port, like 21, through the SSH secure port, 23, out to the server. This allows you some extra security, since traffic sent through an SSH tunnel is encrypted, AND appears to the server as having come from localhost, so if you wanted to use SSH, you could set up your ftp daemon on your server to only respond to requests from localhost. The same can be done for MySQL as well.

Basically, SSH can be used to securely tunnel pretty much any kind of traffic to the server.

You can find more information by googling for "SSH Tunneling" or "SSH Tunneling howto"

11-29-2003, 01:04 PM	#1
bigdog Confirmed User Join Date: Jul 2001 Posts: 6,964	ftp vs ssh For uploads is ssh safer then useing ftp? and is haveing ftp access on your server a security risk at all?

11-29-2003, 01:07 PM	#2
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	Safest way is too put the stuff on cd then send it to data center via one of these

11-29-2003, 01:38 PM	#4
GapingWound Registered User Join Date: Oct 2002 Posts: 96	FTP is totally unsecure. If anyone is listening at any of the hops you cross to get to your server, they can get your username, password and the files you are sending. SFTP is only marginally more secure, as it encrypts the control channel (password, put and get commands, etc.), but not the data channel (the actual file data that gets sent). SSH is the most secure of the 3, but as mentioned above, certain versions have had security problems. However, SSH is not a file transfer protocol, it is a simple communications protocol. Many types of tasks can be accomplished through SSH "tunneling". SSH tunnels are a way of redirecting traffic that normally travels on an open port, like 21, through the SSH secure port, 23, out to the server. This allows you some extra security, since traffic sent through an SSH tunnel is encrypted, AND appears to the server as having come from localhost, so if you wanted to use SSH, you could set up your ftp daemon on your server to only respond to requests from localhost. The same can be done for MySQL as well. Basically, SSH can be used to securely tunnel pretty much any kind of traffic to the server. You can find more information by googling for "SSH Tunneling" or "SSH Tunneling howto"