SSH File Transfer Protocol is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream.
Questions tagged [sftp]
66 questions
97
votes
7 answers
Does FTPS (FTP+S) offer better security than SFTP on the server side?
I had an exchange with some third party sysadmin yesterday regarding the setup of a file transfer interface between our servers.
I suggested using SFTP because our application has good support for it. My interlocutor absolutely wants FTP+S (FTP+TLS)…
Stéphane C.
- 972
- 1
- 7
- 8
12
votes
5 answers
How insecure is FTP?
Okay, we know the drill: don't use FTP, use SFTP or FTPS.
But what exactly is the risk being posed? The files themselves are sent unencrypted, and this may be fine, or disastrous, depending on what the code in them contains. But, if we're dealing…
Stumbler
- 503
- 4
- 7
5
votes
2 answers
download file/folder anonymously on a ssh session
I rent a paid VPS hosted online and want to transform it to a sort of treasure chest where I can upload and download files privately. For this purpose I want to do this operation over the Tor network. This is done automatically when you download…
cgcmake
- 488
- 1
- 4
- 8
4
votes
3 answers
SFTP on Windows - is it likely to be disabled?
I'm a software engineer and I'm maintaining a product that allows a user to run commands and scripts on Linux servers via an SSH connection. We now need to extend this functionality onto Windows.
We have a working solution, using freeSSHd on the…
Jeedee
- 143
- 1
- 5
4
votes
1 answer
SFTP or FTP through VPN?
I'm struggling to find out whether or not I should set up SFTP since I already connect to the internet using a secure VPN.
Is the security using FTP through a VPN (using OpenVPN, more specifically https://mullvad.net) as secure as SFTP?
user2026991
- 111
- 1
- 2
- 5
4
votes
2 answers
How does a client authenticate an SFTP server if there are no keys shared in advance?
For FTPS, we rely on the DNS and public PKI to authenticate the FTP server when we first connect. On the first connection, foo.example.com resolves to 1.2.3.4 and my connection comes back encrypted by a private key that I can validate is truly owned…
Jaxidian
- 143
- 1
- 5
4
votes
3 answers
Is it safe to use this embedded ftp server?
We are using a software suite for automation of FTP traffic. It uses the Apache Mina FtServer component as an embedded FTP server (for FTPS and SFTP).
The use of this library has been flagged as a security concern. The reasoning given was the age of…
oɔɯǝɹ
- 528
- 2
- 6
- 18
4
votes
2 answers
How to secure SFTP against symlink attack?
I've configured SFTP on my virtual machine, because I wanted to test how can I use symlink in order to access files outside from user home directory.
I've created user:
test:x:1003:1001::/var/www/test/public:/bin/false
Ownership and…
Mirsad
- 10,005
- 8
- 33
- 53
4
votes
3 answers
Mutual authentication of SFTP server
We can use public/private key pairs for client authentication when connecting to a SFTP server. Can we also have mutual authentication so the client also verifies a public key from the server?
Both my client and SFTP server are Linux boxes. I used…
J.Doe
- 41
- 1
- 2
4
votes
2 answers
Is it safe to expose a logging socket endpoint in a chrooted environment?
I'm trying to set up a file transfer server, which needs to be secured and logged. FTP was suggested, but that feels outdated so I automatically translated that to SFTP (OpenSSH) in my head.
Using match I can select which users can use the…
azzid
- 143
- 4
3
votes
3 answers
Is SFTP vulnerable to brute force, bounce, spoof, sniffing and port stealing?
I have been researching FTP and noted that using FTP means you are vulnerable to these types of attacks. I have been looking for an safer alternative and came across SFTP. Is SFTP still vulnerable to these types of attacks?
Kōdo no musō-ka
- 315
- 4
- 11
3
votes
2 answers
Setting up SFTP at Production Server is a Risk?
There is a requirement to setup a SFTP server. This will be used by some of user b2b agents to upload files.
Such kind of setup is always doubtfully risky in production environment where user can upload the malicious content, I am not sure how this…
Shritam Bhowmick
- 1,602
- 14
- 28
2
votes
1 answer
Is a SSH key required for SFTP?
Since SFTP stands for SSH + FTP, I assume I always should create a SSH key pair for it, however, I see in my client configuration that that is optional.
That is applicable for both server-side and client-side SSH key pair.
Jamo
- 143
- 5
2
votes
0 answers
FileZilla and private key with passphrase
I know filezilla can work with pageant for private keys protected with a passphrase, however can you use fileszilla with a private key that is protected with a passphrase without using pageant? I am talking about Filezilla 3.26.2
Many thanks.
Urban Gemz
- 21
- 2
2
votes
2 answers
Permissions for configuration file for program run as root that must be modifiable by SFTP
A shell script (myscript) will be run as root, by cron. It reads IP addresses from a configuration file, and updates iptables to whitelist those IPs for inbound connections.
myscript uses a regexp (regular expression) to parse the configuration file…
sampablokuper
- 1,961
- 1
- 19
- 33