OpenSSH/scp ->> F-Secure SSH server Problems
Roeland Meyer
rmeyer at mhsc.com
Mon Mar 12 16:37:54 EST 2001
Then maybe their is a serious disconnect. sftp was billed, to me, as
SSH+FTP. Was that wrong?
Otherwise, what is the difference between scp and sftp? ... a user
interface that could probably be better done with a https page?
> -----Original Message-----
> From: Markus Friedl [mailto:markus.friedl at informatik.uni-erlangen.de]
> Sent: Sunday, March 11, 2001 3:50 PM
> To: Roeland Meyer
> Cc: 'ssh'; 'openssh-unix-dev at mindrot.org'
> Subject: Re: OpenSSH/scp ->> F-Secure SSH server Problems
>
>
> On Sun, Mar 11, 2001 at 01:37:34PM -0800, Roeland Meyer wrote:
> > I've been using 1.2.27 (non-com), w/ the 2.0.13 patch, for
> quite a while
> > now. It works fine, but I'd really like to have a Win32
> version of both. I
> > haven't gone to OpenSSH because of issues like what we're
> talking about here
> > (however, I use OpenSSL quite a bit). I also don't understand the
> > fascination folks have for FTP. Anything that uses non-deterministic
> > dynamically reassigned ports is fundimentally insecurable. Full
> > authentication can only be accomplished when both sides of
> the connection
> > are fully deterministic. In short, sftp ain't... FTP must
> die. If you want
> > secure files distro, use https. If you want secure file
> uploads, scp does
> > the job nicely, or a Java uploader, under https. Getting
> the SSH/FTP(sftp)
> > kludge to work only weakens SSH.
>
> this does not make sense to me.
>
> SFTP is not at all related to FTP.
>
> SFTP is not 'fundimentally insecurable'
>
> SFTP is as secure as SCP.
>
More information about the openssh-unix-dev
mailing list