Re: what does ssh(1) mean?
- From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
- Date: Fri, 10 Sep 2010 19:31:58 -0700 (PDT)
On Sep 10, 6:53 pm, Lew Pitcher <lpitc...@xxxxxxxxxxxx> wrote:
On September 10, 2010 18:33, in comp.security.ssh, WolfgangMeiner...@xxxxxx
the man-page of scp says[snip]
but what exactly does ssh(1) mean? Is it version 1 of ssh?
ssh(1) orignally meant "read about this use of the term 'ssh' in section 1
of The Unix Manual".
These days, it means "read about this use of the term 'ssh' by executing
the 'man' command, giving it '1' as the section, as in /man 1 ssh/"
Is it more secure to use sftp instead?
Instead of what?
Instead of scp? No, scp and sftp provide the same security; both run within
the security envelope of ssh.
It can be, but for other reasons. It's easier to configure an sftp-
only or chroot caged sftp environment than a chroot caged scp
environment. But that's not something the manual page really gets
Instead of rcp? Yes, sftp is more secure than rcp as sftp runs within the
ssh security envelope, and all interactions are secured by ssh encryption,
while rcp runs alone, without any encryption to protect it's authentication
and data transfer process.
That's a reasonable, but different question. sftp is significantly
more secure than rcp or ftp, precisely because it can not only
securely handle passwords, but also because it can use public-private
key pairs and have no local password storage on the server whatsoever,
even encrypted password storage, and force the client to have a valid
SSH key or smartcard to authenticate with. There are some ftp-like
tools these days that use SSL tunneling for similar authentication,
but really, they're not FTP anymore, and they tend to be fragile and
confused by ill-informed people with sftp, which is a distinct
protocol that merely has many of the same commands as FTP.
Unfortunately, neither scp or sftp properly handle symlinks or more
sophisticated ACL's such as the NFSv4 ACL's or Windows ACL's, which
makes them unsuitable for mirroring complex structures. Pushing and
pushing simple files, sure, they're great. Mirroring? Not so good.
- Prev by Date: Re: compile putty with certain options preselected
- Next by Date: Re: compile putty with certain options preselected
- Previous by thread: Re: what does ssh(1) mean?