Questions tagged [sftp]

SSH File Transfer Protocol is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream.

66 questions
97 votes, 7 answers

Does FTPS (FTP+S) offer better security than SFTP on the server side?

I had an exchange with some third party sysadmin yesterday regarding the setup of a file transfer interface between our servers. I suggested using SFTP because our application has good support for it. My interlocutor absolutely wants FTP+S (FTP+TLS)…
Stéphane C.
12 votes, 5 answers

How insecure is FTP?

Okay, we know the drill: don't use FTP, use SFTP or FTPS. But what exactly is the risk being posed? The files themselves are sent unencrypted, and this may be fine, or disastrous, depending on what the code in them contains. But, if we're dealing…
Stumbler
5 votes, 2 answers

download file/folder anonymously on a ssh session

I rent a paid VPS hosted online and want to transform it to a sort of treasure chest where I can upload and download files privately. For this purpose I want to do this operation over the Tor network. This is done automatically when you download…
cgcmake
4 votes, 3 answers

SFTP on Windows - is it likely to be disabled?

I'm a software engineer and I'm maintaining a product that allows a user to run commands and scripts on Linux servers via an SSH connection. We now need to extend this functionality onto Windows. We have a working solution, using freeSSHd on the…
Jeedee
4 votes, 1 answer

SFTP or FTP through VPN?

I'm struggling to find out whether or not I should set up SFTP since I already connect to the internet using a secure VPN. Is the security using FTP through a VPN (using OpenVPN, more specifically https://mullvad.net) as secure as SFTP?
user2026991
4 votes, 2 answers

How does a client authenticate an SFTP server if there are no keys shared in advance?

For FTPS, we rely on the DNS and public PKI to authenticate the FTP server when we first connect. On the first connection, foo.example.com resolves to 1.2.3.4 and my connection comes back encrypted by a private key that I can validate is truly owned…
Jaxidian
4 votes, 3 answers

Is it safe to use this embedded ftp server?

We are using a software suite for automation of FTP traffic. It uses the Apache Mina FtServer component as an embedded FTP server (for FTPS and SFTP). The use of this library has been flagged as a security concern. The reasoning given was the age of…
oɔɯǝɹ
4 votes, 2 answers

How to secure SFTP against symlink attack?

I've configured SFTP on my virtual machine because I wanted to test how I can use a symlink to access files outside the user's home directory. I've created user: test:x:1003:1001::/var/www/test/public:/bin/false Ownership and…
Mirsad
4 votes, 3 answers

Mutual authentication of SFTP server

We can use public/private key pairs for client authentication when connecting to a SFTP server. Can we also have mutual authentication so the client also verifies a public key from the server? Both my client and SFTP server are Linux boxes. I used…
J.Doe
4 votes, 2 answers

Is it safe to expose a logging socket endpoint in a chrooted environment?

I'm trying to set up a file transfer server, which needs to be secured and logged. FTP was suggested, but that feels outdated so I automatically translated that to SFTP (OpenSSH) in my head. Using match I can select which users can use the…
azzid
3 votes, 3 answers

Is SFTP vulnerable to brute force, bounce, spoof, sniffing and port stealing?

I have been researching FTP and noted that using FTP means you are vulnerable to these types of attacks. I have been looking for a safer alternative and came across SFTP. Is SFTP still vulnerable to these types of attacks?
3 votes, 2 answers

Setting up SFTP at Production Server is a Risk?

There is a requirement to set up a SFTP server. This will be used by some of user b2b agents to upload files. Such kind of setup is always doubtfully risky in production environment where user can upload the malicious content, I am not sure how this…
Shritam Bhowmick
2 votes, 1 answer

Is a SSH key required for SFTP?

Since SFTP stands for SSH + FTP, I assume I always should create a SSH key pair for it, however, I see in my client configuration that that is optional. That is applicable for both server-side and client-side SSH key pair.
Jamo
2 votes, 0 answers

FileZilla and private key with passphrase

I know FileZilla can work with Pageant for private keys protected with a passphrase; however, can you use FileZilla with a private key that is protected with a passphrase without using Pageant? I am talking about FileZilla 3.26.2. Many thanks.
Urban Gemz
2 votes, 2 answers

Permissions for configuration file for program run as root that must be modifiable by SFTP

A shell script (myscript) will be run as root, by cron. It reads IP addresses from a configuration file, and updates iptables to whitelist those IPs for inbound connections. myscript uses a regexp (regular expression) to parse the configuration file…
sampablokuper