From owner-freebsd-questions@FreeBSD.ORG  Fri Aug 27 05:19:49 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6C82B1065693
	for <freebsd-questions@freebsd.org>;
	Fri, 27 Aug 2010 05:19:49 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1:3fd3:cd67:fafa:3d78])
	by mx1.freebsd.org (Postfix) with ESMTP id E85D28FC1B
	for <freebsd-questions@freebsd.org>;
	Fri, 27 Aug 2010 05:19:48 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id
	o7R5JbN8038774
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Fri, 27 Aug 2010 06:19:45 +0100 (BST)
	(envelope-from m.seaman@infracaninophile.co.uk)
Message-ID: <4C774AE1.2040800@infracaninophile.co.uk>
Date: Fri, 27 Aug 2010 06:19:29 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB;
	rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: Ed Flecko <edflecko@gmail.com>
References: <AANLkTikvteMWrwHxqAmva4_uxtR2KWapOs6KxXL=qcUj@mail.gmail.com>
In-Reply-To: <AANLkTikvteMWrwHxqAmva4_uxtR2KWapOs6KxXL=qcUj@mail.gmail.com>
X-Enigmail-Version: 1.1.1
OpenPGP: id=60AE908C
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigE82AD68E9255BD30F0D713C6"
X-Virus-Scanned: clamav-milter 0.96.2 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_20,DKIM_ADSP_ALL,
	SPF_FAIL autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	lucid-nonsense.infracaninophile.co.uk
Cc: freebsd-questions@freebsd.org
Subject: Re: Advantage -vs- Disadvantage: SFTP -vs- SCP
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Aug 2010 05:19:49 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigE82AD68E9255BD30F0D713C6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 26/08/2010 23:07:35, Ed Flecko wrote:

> I have a server I'm building that is internet accessible and I'm
> wondering if there's any advantages/disadvantages of using either SFTP
> -vs- SCP?
>=20
> My primary concern is overall security of the server (even if that
> means inconveniencing the end users), and I'm wondering if one method
> might be better than the other?

It depends what you mean by SFTP.  If you mean the SSH sub-system (file
transfer tunnelled over SSH using a client which works like the FTP
client), then there is no practical difference in security compared to
scp(1).  sftp(1) and scp(1) are very similar over the wire and
server-side: it's just the client interface that's different.

On the other hand, if you mean crusty old FTP tarted up with some SSL
trappings -- which should really be called FTPS, but lots of people are
confused about the naming -- then *run away*.  It may run over SSL, but
it has all of the design flaws of regular FTP plus the fact that it's
over SSL means you can't even use firewall proxies like ftp-proxy(8).

If you want a means of secure upload that can be used natively from
windows, try WebDAV.  You can, in theory, mount a WebDAV directory as a
partition in Windows, although this is a lot more painful than it needs
to be. (As they say: with Windows, failure is not an option).  The same
thing on a Mac works beautifully, but then it's Unix already and you can
just use sftp or scp natively from Terminal.app.  See the appendix to
the SVN manual for some useful hints:

http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.webdav

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enigE82AD68E9255BD30F0D713C6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkx3SukACgkQ8Mjk52CukIwNegCfZC97j1okM///Nk2DeGdKaUdr
WrEAn34KQZWeYMPbeGjFDAjL9J252n9f
=CgJ6
-----END PGP SIGNATURE-----

--------------enigE82AD68E9255BD30F0D713C6--