[clue-tech] sftp or ftps?
Peter Kuykendall
PeterKuykendall at hotmail.com
Thu Feb 8 10:52:56 MST 2007
Angelo Bertolli wrote:
> I was wondering if anyone knew how I could do transfers of large data
> without encryption but still keep passwords encrypted? It looks like
> sftp encrypts everything, and ftps gives the option of "command channel
> or data channel encryption." But nothing is really mentioned about the
> initial authentication.
>
> Angelo
>
There's a pretty good article at
http://en.wikipedia.org/wiki/SSH_file_transfer_protocol. It includes
pointers to more info for various secure file transfer protocols.
SCP and SFTP rely on SSH2 authentication (or more precisely, the
underlying secure channel, which is almost always SSH2).
It's worth firing up Wireshark and launching a file transfer to observe
what is going on. No passwords are going out in the clear.
My understanding is that FTPS relies on TLS / SSL authentication. But
since I never use it, I've never looked too deeply into it.
At work I'm saddled with a Windoze machine. I've had very good luck
with Bitvise Tunnelier, which is an SSH2 / SCP / SFTP client. It is
very easy to set up a SOCKS proxy over the SSH2 tunnel with it and do
other configuration via GUI. It's free for personal use, and has a
small licensing fee for corporate use.
--
Pete
More information about the clue-tech
mailing list