Re: what does ssh(1) mean?

From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
Date: Fri, 10 Sep 2010 19:31:58 -0700 (PDT)

On Sep 10, 6:53 pm, Lew Pitcher <lpitc...@xxxxxxxxxxxx> wrote:

On September 10, 2010 18:33, in comp.security.ssh, WolfgangMeiner...@xxxxxx
wrote:

Hello,

the man-page of scp says

[snip]

but what exactly does ssh(1) mean? Is it version 1 of ssh?

ssh(1) orignally meant "read about this use of the term 'ssh' in section 1
of The Unix Manual".

These days, it means "read about this use of the term 'ssh' by executing
the 'man' command, giving it '1' as the section, as in /man 1 ssh/"

Is it more secure to use sftp instead?

Instead of what?

Instead of scp? No, scp and sftp provide the same security; both run within
the security envelope of ssh.

It can be, but for other reasons. It's easier to configure an sftp-
only or chroot caged sftp environment than a chroot caged scp
environment. But that's not something the manual page really gets
into.

Instead of rcp? Yes, sftp is more secure than rcp as sftp runs within the
ssh security envelope, and all interactions are secured by ssh encryption,
while rcp runs alone, without any encryption to protect it's authentication
and data transfer process.

That's a reasonable, but different question. sftp is significantly
more secure than rcp or ftp, precisely because it can not only
securely handle passwords, but also because it can use public-private
key pairs and have no local password storage on the server whatsoever,
even encrypted password storage, and force the client to have a valid
SSH key or smartcard to authenticate with. There are some ftp-like
tools these days that use SSL tunneling for similar authentication,
but really, they're not FTP anymore, and they tend to be fragile and
confused by ill-informed people with sftp, which is a distinct
protocol that merely has many of the same commands as FTP.

Unfortunately, neither scp or sftp properly handle symlinks or more
sophisticated ACL's such as the NFSv4 ACL's or Windows ACL's, which
makes them unsuitable for mirroring complex structures. Pushing and
pushing simple files, sure, they're great. Mirroring? Not so good.
.

References:
- what does ssh(1) mean?
  - From: Wolfgang Meiners
- Re: what does ssh(1) mean?
  - From: Lew Pitcher

Prev by Date: Re: compile putty with certain options preselected
Next by Date: Re: compile putty with certain options preselected
Previous by thread: Re: what does ssh(1) mean?
Index(es):
- Date
- Thread

Relevant Pages

Re: FTP Encryption
... SSH as a transport in different ways, ... OpenSSH's sftp certainly doesn't use scp in any way. ... operating systems system files. ...
(comp.security.ssh)
Re: Is SSH worth it??
... > We would be using SSH and SCP. ... SCP for automated scripts. ... > client will not be prompted for a password. ... remote machine, but imho it is better to swap client+server and give ...
(Security-Basics)
Re: Linux FTP Security
... Use SSH and scp, sftp ext... ... Allowing root to login to the ftp server is ...
(comp.os.linux.security)
Re: Does OpenSSH use RCP?
... > with someone about the difference between OpenSSH and SFTP. ... > SFTP) than SCP will fail. ... OpenSSH uses an implementation that is compatible to the original SSH ...
(comp.security.unix)
Re: Distinguishing ssh-logins from sftp-logins
... I've got a case concerning sftp and ssh. ... With unix/linux sshd servers, when you connect with scp it effectivley connects with ssh and runs the servers scp command. ...
(comp.security.ssh)