


Steve Bireley wrote:
> SFTP (FTP with SSH) is available on the i at extra cost.

Wrong. SFTP (OpenSSH) has always been free. It was first available for V5R3, and had to be ordered separately. Starting with V5R4, it's also shipped with the OS -- no special order necessary.


> FTPS and SFTP are equally secure when properly implemented. FTPS uses
> two ports which can cause some challenges getting through firewalls.

It's not because it uses "two ports". Each file transfer negotiates a port number (which might result in many ports -- one for each transfer.) But the big problem is that it negotiates the file transfer port at run-time and communicates the negotiated information through the socket. That means that a firewall has to allow all potential ports through, or needs to be adapted at run-time to open the port as FTP negotiates it.
In order to do the latter, the firewall has to be able to read what is sent over the socket -- which is not possible when it's encrypted by SSL.

Worse is NAT routers (which aren't, strictly speaking, firewalls - though they often are bundled together). NAT needs to be able to change the address/port in the packet on the fly. If the data is encrypted, it doesn't know what to change it to. Regular FTP has always been tough through a firewall, but SSL FTP is much tougher due to the fact that an appliance can't see what is sent.


You say the two are equally secure... and cryptographically, that's true. However, many folks end up disabling cryptography for part of the transfer with SSL FTP in order to make it work through a firewall -- making it less secure. Or, they end up opening up wide ranges of ports on the firewalls.

So while they might be "equally secure" in a perfect world -- in practice, SSH is more secure.

SSH has none of these problems, it always runs on one port (usually 22).
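
The firewall and NAT problem described in the reply above, as an added example (not part of the original post): a sketch of what an FTP-aware firewall or NAT helper does with the control channel, reading the run-time negotiated data port from a PASV, PORT or EPSV line and rewriting the address, and what it gets once the same line travels inside a TLS record. The function names, the addresses and the stand-in TLS record bytes are constructed for illustration.

```python
import re

# 227 reply (PASV) and PORT command both carry h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply (EPSV, RFC 2428) carries only the port: (|||port|)
_EPSV = re.compile(rb"^229 .*\(\|\|\|(\d{1,5})\|\)")


def parse_data_endpoint(line: bytes):
    """Return (host, port) negotiated on the control channel, or None.

    host is None for EPSV, which reuses the control connection's address.
    """
    if line.startswith(b"229 "):
        m = _EPSV.match(line)
        if m and int(m.group(1)) <= 65535:
            return (None, int(m.group(1)))
        return None
    if line.startswith(b"227 ") or line[:5].upper() == b"PORT ":
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        return (".".join(map(str, nums[:4])), nums[4] * 256 + nums[5])
    return None


def nat_rewrite(line: bytes, public_ip: str) -> bytes:
    """Rewrite the private address in a 227/PORT line, as a NAT helper would."""
    ep = parse_data_endpoint(line)
    if ep is None or ep[0] is None:
        return line  # nothing the helper can see or needs to change
    port = ep[1]
    new = "%s,%d,%d" % (public_ip.replace(".", ","), port >> 8, port & 0xFF)
    return _HOSTPORT.sub(new.encode(), line, count=1)


# Constructed samples: a plaintext PASV reply, and a stand-in for the same
# reply inside a TLS application-data record (type 0x17, opaque payload).
PLAIN = b"227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
TLS_RECORD = b"\x17\x03\x03\x00\x30" + bytes((i * 73 + 41) % 256 for i in range(48))

if __name__ == "__main__":
    print(parse_data_endpoint(PLAIN))        # helper can open this pinhole
    print(nat_rewrite(PLAIN, "203.0.113.5"))
    print(parse_data_endpoint(TLS_RECORD))   # helper learns nothing
```

With the plaintext line the helper can open exactly one port and fix up the address; with the encrypted record it sees neither, which leaves the choices the reply lists: a wide static port range or giving up encryption on part of the session.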


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
