Mike Cunningham wrote on 17/11/2006 08:41:23 AM:My understanding of it is that sFTP is to FTP like HTTPS is to HTTP. All data passing over FTP is in clear text. Data passing over sFTP is encrypted.Which leads me to believe that some sort of key exchange is required to do userid/password authentication, as well as non-interactive authentication. So does that mean that keys need to be set up either way?
Like https, sftp will verify the host key, but there is no requirement for a client key. The user/pass is encrypted when sent to the server. A client key replaces the password but not the user.
This mailing list archive is Copyright 1997-2013 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact