Re: Improved sftp client?

From: Simon Tatham (anakin@pobox.com)
Date: 10/08/02 

From: Simon Tatham <anakin@pobox.com>
Date: 08 Oct 2002 10:53:07 +0100 (BST)

Nico Kadel-Garcia <nkadel@bellatlantic.net> wrote:
> sftp *HAS ABSOLUTELY NOTHING TO DO WITH FTP* except for it's badly assigned
> name. The command set is different, the protocol is different, and it's
> frankly not worth the disk space to build or run because it provides
> *nothing* except a poor pretense at the FTP interface. It's basically a
> funky wrapper for ssh/scp.

An alternative point of view:

SFTP is a file transfer protocol running over SSH, which has _way_
more features than SCP, and is more secure too. The SCP command-line
interface can be implemented over the SFTP protocol just as well as
over the original SCP protocol, and is in general much better if
done so.

Current interactive SFTP clients attempt to provide the security of
SSH with something like the FTP interface, and they're not there yet
but they're improving. (Current discussions on ietf-ssh are working
towards adding support for text-mode transfers, for example.)

SFTP's real strength, as I see it, is that it's by far the most
automatable of the three protocols. If you want to write code which
will connect to a remote system, read one file, decide from that
what other files to read, and so on, you can do that. If you want to
update a dbm file over SFTP, you can probably do _that_ if you're
careful - you aren't limited to sending or retrieving whole files at
a time. (Try doing that in either of SCP or FTP!)

Perhaps current SFTP clients aren't as usable as FTP clients; but
they're more secure than FTP (running over SSH) and more featureful
and more secure than SCP. If you don't happen to need that, then
fair enough; but you are not the world. I know people who already
find SFTP extremely useful, and I can only see that increasing. 

-- 
Simon Tatham         "I'm going to pull his head off. Ear by ear."
<anakin@pobox.com>                          - a games teacher

Relevant Pages

  • Re: Confusing! ssh, ssh1, ssh2, etc.
    ... > SSH Comm Corp's ssh2 uses a completely different protocol than OpenSSH's ... "The solution is to install either the OpenSSH or SSH1 version of scp on ... the server under the name "scp1," somewhere in the sshd2's PATH." ... The "sftp" program uses the sftp protocol and expects an sftp server ...
    (comp.security.ssh)
  • Re: Does sftp or scp gaurentee delivery?
    ... >> Does anyone know if scp or sftp ensures that a transfer is complete. ... which uses the rsync protocol to duplicate the files instead of the ... option to rsync. ...
    (comp.security.ssh)
  • Re: FTP partially blocked-- how to trace?
    ... something on the server to only allow secure FTP. ... I changed the protocol in WinSCP from SFTP to SCP and it ...
    (comp.security.firewalls)
  • Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (si
    ... clients such as the OpenSSH.com groups proactive secure Secure FTP ... Right, except that SFTP isn't the RFC959 protocol that lives on ports 20/21, ... it's an entirely different protocol layered on top of the OpenSSH on port 22. ... The argument field is a Telnet string specifying the user's ...
    (Full-Disclosure)
  • Re: Does sftp or scp gaurentee delivery?
    ... > Does anyone know if scp or sftp ensures that a transfer is complete. ... > completely (such as with checksum information), ... which uses the rsync protocol to duplicate the files instead of the ...
    (comp.security.ssh)