Re: Secure file transfer
- From: "Sebastian G." <seppi@xxxxxxxxx>
- Date: Sun, 16 Dec 2007 23:04:58 +0100
evans@xxxxxxxxxxxxxxxxxxx wrote:
In Core FTP, is it better to use AUTH SSL or SSH/SFTP?
SSL. SSH/SFTP only protects the data transfer channel, not the command channel.
This may (or not) have a bearing on it. When I connected using AUTH
SSL, the connection script said:
...
AUTH SSL
500 This security scheme is not implemented
...
It then went on with the connection. I contacted the people who are
hosting my account and the first guy said that :
"That error message is misleading, it means that the ssl cannot be
authenticated but it will still use the encryption layer."
Well, are you doing implicit or explitic SSL authentication?
In Winscp, which only uses SSH (and I have that enabled in my
account), One of the fields in the login screen is "Private Key File".
Core FTP did not have such a field. In any case, what happens if I
leave that field blank?
Nothing.
Is my password and data going out unencrypted if I have not set up a
private key?
No. It just means that the server cannot authenticate you, that is, the server doesn't know who he's talking to. A malicious user might insert commands on the command channel on your behalf without being detected.
.
- Follow-Ups:
- Re: Secure file transfer
- From: Eugene Mayevski
- Re: Secure file transfer
- From: Unruh
- Re: Secure file transfer
- From: evans
- Re: Secure file transfer
- References:
- Secure file transfer
- From: evans
- Secure file transfer
- Prev by Date: Secure file transfer
- Next by Date: Re: Secure file transfer
- Previous by thread: Secure file transfer
- Next by thread: Re: Secure file transfer
- Index(es):
Relevant Pages
|
