0

My threats are: MitM basically, eavesdroppers

I have a Nextcloud instance and I was thinking of mounting sshfs locally and selecting local as the external storage type and then putting the data there, but is it the most secure option?

Nextcloud currently lists these options as available for external storage mounting:

  • Amazon S3
  • FTP (I'm guessing is a stupid option since not encrypted at all)
  • Local (I can use sshfs with this I'm guessing)
  • Nextcloud
  • OpenStack Object Storage
  • SFTP
  • WebDAV
  • SMB/CIFS

I've been pondering on the option of picking WebDAV, but how secure is it really? I do already use it on my phone to synchronize my Contacts, Reminders and Calendar.

Sir Muffington
  • 1,447
  • 2
  • 9
  • 22
  • *"FTP (I'm guessing is a stupid option since not encrypted at all)"* - Nextcloud supports FTPS, i.e. FTP over TLS - see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage/ftp.html – Steffen Ullrich Sep 10 '22 at 13:53
  • S3, FTP, WebDAV all support transport protection with TLS, SFTP has transport protection with SSH. These are basically equivalent in terms of security provided by the transport encryption. SFTP with key based authentication has the advantage that there is no shared secret between client and server. And key based authentication is essentially impossible to brute force. – Steffen Ullrich Sep 10 '22 at 13:58
  • Oh, I thought with FTP they mean legacy FTP which shows the FTP commands in plaintext via Wireshark etc, and SFTP is the successor to it. Isn't SFTP and FTPS the same thing though? – Sir Muffington Sep 10 '22 at 14:17
  • 2
    FTPS is classic FTP but with added transport protection using TLS. It still has the problem of original FTP which dynamically creates new TCP connections with dynamic ports for each transfer and thus is a nightmare with firewalls in between. SFTP is file transfer using the SSH protocol - which uses the same single connection for all file transfers and thus works fine with firewalls. Totally different but easy to mix up. – Steffen Ullrich Sep 10 '22 at 14:20

0 Answers0