Mike Cunningham wrote on 17/11/2006 08:41:23 AM:
My understanding of it is that sFTP is to FTP like HTTPS is to HTTP. All
data passing over FTP is in clear text. Data passing over sFTP is
Which leads me to believe that some sort of key exchange is required to do
userid/password authentication, as well as non-interactive authentication.
So does that mean that keys need to be set up either way?
Like https, sftp will verify the host key, but there is no requirement
for a client key. The user/pass is encrypted when sent to the server.
A client key replaces the password but not the user.