Re: Secure file transfer

---

• From: Gerald Vogt <vogt@xxxxxxxxxxx>
• Date: Sun, 16 Dec 2007 17:12:14 -0800 (PST)

---

On Dec 17, 10:02 am, "Sebastian G." <se...@xxxxxxxxx> wrote:

ev...@xxxxxxxxxxxxxxxxxxx wrote:

On Dec 16, 5:04 pm, "Sebastian G." <se...@xxxxxxxxx> wrote:

ev...@xxxxxxxxxxxxxxxxxxx wrote:

In Core FTP, is it better to use AUTH SSL or SSH/SFTP?

SSL. SSH/SFTP only protects the data transfer channel, not the command channel.

I don't know enough about it to understand how that addresses which is
better to use.

SSL encrypts and authenticates both command and data channel, SSH/SFTP only
the latter. The consequence is that authentication credentials on SFTP
session are transfered in clear text and can be easily sniffed. And since no
authentication takes places, and attacker can insert arbitrary commands or
replys.

Is this a Core FTP specific thing? That standard sftp client which
comes with ssh packages like openssh transfers everything (command and
data) through a SSH link. AFAIK it does not even use the FTP protocol.

Gerald
.

---

• Follow-Ups:
  • Re: Secure file transfer
    • From: Sebastian G.

• References:
  • Secure file transfer
    • From: evans
  • Re: Secure file transfer
    • From: Sebastian G.
  • Re: Secure file transfer
    • From: evans
  • Re: Secure file transfer
    • From: Sebastian G.

• Prev by Date: Re: Secure file transfer
• Next by Date: Re: Secure file transfer
• Previous by thread: Re: Secure file transfer
• Next by thread: Re: Secure file transfer
• Index(es):
  • Date
  • Thread

---

Relevant Pages [SLE] kio_sftp does not work ... I can use command line sftp to my box, ... The configuration /etc/ssh and sshd_config and pam.d/sshd ... (SuSE) Re: How about UserRPL command to store "bare" text to SD? ... just as with Kermit transfers. ... a string directly to the SD card, verbatim, ... whose function is simply "store this literal string to that file" ... a more basic and universal "store this literal string as a file" command. ... (comp.sys.hp48) RE: sftp-server on solaris8 ... command was failing to execute the command "ksh -c ... It seems to me that SSH and SFTP are having trouble talking remotely... ... anti-virus service working around the clock, around the globe, visit: ... (SSH) Re: Need help securing SFTP inbound (virtual root equivalent) ... "ron" schreef in bericht ... > Installed Openssl and ssh and have setup public key authentication. ... > Looking to automate an inbound file transfer using SFTP. ... (comp.unix.aix) Re: SFTP GET COMMAND QUESTION ... Subject: SFTP GET COMMAND QUESTION ... Look at z/os client parameters TRAILINGBLANKS, TRUNCATE, and WRAPRECORD. ... the end of line character. ... (bit.listserv.ibm-main)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2007-12