sftp

Pekka Savola pekkas at netcore.fi
Fri Jul 21 16:39:02 EST 2000


On Thu, 20 Jul 2000, Gary E. Miller wrote:

> > - data channels cannot be encrypted.
> True.  I am far more worried about my password than the data but
> this is a problem for many.  This could (should) be fixed in SSH.

The most important thing, yes.

Well, ftp is one of those "What the hell were they
thinking.. oh it was 30 years ago" protocols;
Encrypting these channels would require dynamic allocation of SSH
forwardings, or a very special FTP client which would let you specify
the port you want to use for FTP data.

Can't be done, really.

That's what 'scp' and VPNs are for though.

> > - you have to have a working shell account as well as ftp account (I think
> > with sftp it could be restricted)
> Well, it is not called the "Secure Shell" protocol for nothing.
> Not sure why you need an "ftp account".  You do not mean an anonymous
> ftp account do you?  And ftpd need only accept connections from
> localhost.

No.  I mean the case when people can only use FTP (personal, chrooted
"guest" accounts), but they don't have shell access.  Obviously, then
ssh cannot be used, because those people don't have access to SSH
endpoint.

A lot of ISPs, usually, do that.  Giving out only FTP and not shell is so
much more secure.. people can't poke around the system.

I'm not sure if you'd be able to "restrict" users to specific subsystems
using ssh, but that should be a goal there.

> IMHO, the world does not need yet another file transfer protocol.

I kinda agree..

> We should fix OpenSSH to work with the file transfer protocol we have 
> to fix the rough spots.  UNIX works because it does not keep reinventing
> the wheel but instead building on prior work.

.. but when it's widely accepted that ftp isn't designed very well (damn
data channel!), this would have to be done anyway.


I think the main reason people are using SSH Inc.'s (etc.) ssh2 are the
easy, secure file transfers (from Windows, from Unix it isn't an issue).

-- 
Pekka Savola                    "Tell me of difficulties surmounted, 
Pekka.Savola at netcore.fi          not those you stumble over and fall"
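
Added example, not part of the original message: the restriction asked for above (file transfer only, no shell) can be expressed with sshd_config directives that later OpenSSH releases provide, and the Python check below audits a config for it. The group name "sftponly", the paths and both sample configs are constructed for illustration.

```python
# Added example: audit an sshd_config for file-transfer-only accounts.
# The group name "sftponly", the paths and both sample configs are constructed.

# Settings the Match block must state explicitly to keep members out of a shell.
REQUIRED = {
    "forcecommand": "internal-sftp",  # run only the in-process SFTP server
    "allowtcpforwarding": "no",       # no port forwarding through the account
}

HARDENED = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""

WEAK = """\
Subsystem sftp /usr/libexec/openssh/sftp-server
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
"""

def match_block(config, criterion):
    """Return {keyword: value} for the Match block whose criteria equal `criterion`."""
    settings, inside = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "match":
            # A Match block runs until the next Match line or end of file.
            inside = " ".join(value.lower().split()) == criterion.lower()
        elif inside:
            settings.setdefault(keyword, value.strip())  # sshd keeps the first value
    return settings

def audit(config, group="sftponly"):
    """List what still lets members of `group` do more than transfer files."""
    block = match_block(config, f"Group {group}")
    findings = [f"{key} should be '{want}', found {block.get(key)!r}"
                for key, want in REQUIRED.items()
                if block.get(key, "").lower().split()[:1] != [want]]
    if "chrootdirectory" not in block:
        findings.append("chrootdirectory is not set")
    return findings
```

`audit(WEAK)` reports the missing ForceCommand and AllowTcpForwarding lines; `audit(HARDENED)` returns an empty list.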






More information about the openssh-unix-dev mailing list