From owner-freebsd-questions@FreeBSD.ORG Fri Aug 27 08:39:35 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 07E851065696 for ; Fri, 27 Aug 2010 08:39:35 +0000 (UTC) (envelope-from kraduk@googlemail.com) Received: from mail-qw0-f54.google.com (mail-qw0-f54.google.com [209.85.216.54]) by mx1.freebsd.org (Postfix) with ESMTP id B08538FC24 for ; Fri, 27 Aug 2010 08:39:34 +0000 (UTC) Received: by qwg5 with SMTP id 5so2782157qwg.13 for ; Fri, 27 Aug 2010 01:39:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=eeZ2Gg2VsKXwMKSitlpEWXBPLz4lWg/5qumY1pPW0Vc=; b=r4l2vstbLLjpjtYayNm9lV5ZnyPLv7RgPC6P+Z825YPKTje17q21yFaH4MhRqKNDsu BHyF4b1ilWuaI6Qqs1A74VhqNiEUq982K4wNSFy5tx5xWqfxOm44BOpQTaIBPUkN4ojG Fx13u5dgd+w2XkZJiC9x2PUA/lOxYyBKi50/s= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=HGhREnnE+Ksh64POP0RxD5wdSTGNa8YLVfxPxfzAca0V0Wso6/cV+gu0MAGWye1WZV 8EWdAkPs3NSJA5Eb4VxRL8buQcLFVxbNxKjiEaysTQaSbccTcneExEKZGYH9e1CU/Hox JLBq8pHp/hOEEKvG35pafyRn4lH6ZdtQcWyA4= MIME-Version: 1.0 Received: by 10.224.104.132 with SMTP id p4mr94774qao.322.1282898374031; Fri, 27 Aug 2010 01:39:34 -0700 (PDT) Received: by 10.229.189.70 with HTTP; Fri, 27 Aug 2010 01:39:33 -0700 (PDT) In-Reply-To: <4C774AE1.2040800@infracaninophile.co.uk> References: <4C774AE1.2040800@infracaninophile.co.uk> Date: Fri, 27 Aug 2010 09:39:33 +0100 Message-ID: From: krad To: Matthew Seaman Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Ed Flecko , freebsd-questions@freebsd.org Subject: Re: Advantage -vs- Disadvantage: SFTP -vs- SCP X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Aug 2010 08:39:35 -0000 On 27 August 2010 06:19, Matthew Seaman wrote: > On 26/08/2010 23:07:35, Ed Flecko wrote: > > > I have a server I'm building that is internet accessible and I'm > > wondering if there's any advantages/disadvantages of using either SFTP > > -vs- SCP? > > > > My primary concern is overall security of the server (even if that > > means inconveniencing the end users), and I'm wondering if one method > > might be better than the other? > > It depends what you mean by SFTP. If you mean the SSH sub-system (file > transfer tunnelled over SSH using a client which works like the FTP > client), then there is no practical difference in security compared to > scp(1). sftp(1) and scp(1) are very similar over the wire and > server-side: it's just the client interface that's different. > > On the other hand, if you mean crusty old FTP tarted up with some SSL > trappings -- which should really be called FTPS, but lots of people are > confused about the naming -- then *run away*. It may run over SSL, but > it has all of the design flaws of regular FTP plus the fact that it's > over SSL means you can't even use firewall proxies like ftp-proxy(8). > > If you want a means of secure upload that can be used natively from > windows, try WebDAV. You can, in theory, mount a WebDAV directory as a > partition in Windows, although this is a lot more painful than it needs > to be. (As they say: with Windows, failure is not an option). The same > thing on a Mac works beautifully, but then it's Unix already and you can > just use sftp or scp natively from Terminal.app. See the appendix to > the SVN manual for some useful hints: > > http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.webdav > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > JID: matthew@infracaninophile.co.uk Kent, CT11 9PW > > SFTP is better than scp if you just want to transfer files, as the users dont have to have shell access to the box to use the openssh SFTP system. As mentioned above dont confuse sftp with ftps/ftp-ssl