Issues with SFTP
Dan Astoorian
djast at cs.toronto.edu
Thu Jan 31 05:09:27 EST 2002
On Tue, 29 Jan 2002 19:17:04 EST, Tomas Svensson writes:
[ Tobias Ringstrom <tori at ringstrom.mine.nu> writes:]
> >> How do you specify the destination?
[...]
> I think specifying it as a part of the username would be lot better
[...]
Well, you'd need to deal with ssh's prompts for authentication (e.g.,
passphrases) somehow.
If you want to write the code, by all means do it any way you see fit. :-)
AppGate MindTerm (which has the only existing ftp->sftp proxy I'm aware
of) works the way I've described. Most firewall products which
implement (non-transparent) FTP proxying use other methods, including
the one described by Tomas. FWIW, the current NcFTP client's firewall
support implements about six different variations on that theme. I
don't really want to generate further noise on openssh-unix-dev
speculating about whether one approach is better than others unless
there's someone listening who's ready, willing, and able to turn design
into code.
The question I was trying to raise here was whether it might make sense
to put coding effort into creating such a proxy _instead of_ loading up
the sftp client's UI with features, since there seem to be a lot of
opinions on exactly what features the OpenSSH sftp client "should" have.
Let's decide on "if" before we spend a lot of time on "how," yes?
--
Dan Astoorian People shouldn't think that it's better to have
Sysadmin, CSLab loved and lost than never loved at all. It's
djast at cs.toronto.edu not, it's better to have loved and won. All
www.cs.toronto.edu/~djast/ the other options really suck. --Dan Redican
More information about the openssh-unix-dev
mailing list