OpenSSH/scp ->> F-Secure SSH server Problems

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Mon Mar 12 10:49:33 EST 2001


On Sun, Mar 11, 2001 at 01:37:34PM -0800, Roeland Meyer wrote:
> I've been using 1.2.27 (non-com), w/ the 2.0.13 patch, for quite a while
> now. It works fine, but I'd really like to have a Win32 version of both. I
> haven't gone to OpenSSH because of issues like what we're talking about here
> (however, I use OpenSSL quite a bit). I also don't understand the
> fascination folks have for FTP. Anything that uses non-deterministic
> dynamically reassigned ports is fundimentally insecurable. Full
> authentication can only be accomplished when both sides of the connection
> are fully deterministic. In short, sftp ain't... FTP must die. If you want
> secure files distro, use https. If you want secure file uploads, scp does
> the job nicely, or a Java uploader, under https. Getting the SSH/FTP(sftp)
> kludge to work only weakens SSH.

this does not make sense to me.

SFTP is not at all related to FTP.

SFTP is not 'fundimentally insecurable'

SFTP is as secure as SCP.





More information about the openssh-unix-dev mailing list