SFTP without tunneling?

0

1

I am using WinSCP 5.5.5, which gives the user the choice of FTP, SFTP, SCP protocols for remote access to website files. I chose to use SFTP.

My questions (indicated in bold numbers):

1. My understanding of SSH is that it requires a tunnel be used so that passwords and data can be encrypted. SSH can also be called 'tunneling'. Correct?

2. I assume that SFTP means SSH is added to FTP. Tunneling is required for it to be called SFTP, otherwise it's just FTP. Correct?

Two things happened with WinSCP:

  • I filled out SFTP session login details, and tried to login without going to "Advanced..." to enable SSH Tunnel settings. The connection went through without mention of any tunneling.

3. This confused me because I had chosen SFTP (FTP is an option of its own and comes with a separate "Advanced..."). Was I still using SFTP due to the lack of tunneling? Or is SFTP without tunneling actually FTP? Was encryption present, or does it require tunneling?

  • Next, I went to "Advanced..." > Connection > Tunnel > Connect through SSH Tunnel and marked that box to enable tunneling. Then upon re-connecting, it mentions I connected through a tunnel.

4. Okay. Is enabling the tunnel required for SFTP to, in fact, be SFTP? Or am I doing something like double encryption (adding extra overhead)?

Sorry about all the interrelated questions.

Trekker

Posted 2014-09-03T11:27:00.637

Reputation: 80

SSH tunneling means that you can open tunnels over a TCP port. You could tunnel the FTP port and do FTP over an SSH tunnel (if you also have an FTP daemon running on the server), but that would be technically different than SFTP anyway. – LatinSuD – 2014-09-03T18:05:49.887

Tunneling is when you use ssh -L or ssh -R. Try cygwin's ssh, so command line, if you seek more understanding and like or are OK with the command line. – barlop – 2014-09-03T18:45:22.597

@LatinSuD I've learned a few new things since posting the question. I understand now that FTP with an SSH tunnel is technically different from SFTP. Thanks for clarifying. – Trekker – 2014-09-06T01:19:49.560

@barlop Good suggestion. Also I'll check into what the -L and -R mean. – Trekker – 2014-09-06T01:21:07.863

@Trekker this may help http://superuser.com/questions/802756/ssh-tunneling-in-laymans-term/804430#804430 see the paragraph that starts "There is a concept in SSH of local port forwarding, and remote port forwarding(reverse tunnel)." – barlop – 2014-09-06T11:31:53.137

@barlop Sorry to have not replied until now. I was very busy all week. But I read through everything at the link you provided, and there are still some network concepts (such as what VNC is) I'll need to understand before I can fully understand your answer. I read your answer very slowly and understood at least some of it, especially how the encapsulated protocol and ssh tunneling work for the four computers (A, B, C, D). I'd have raised your answer there by one but I don't have a rep of 15 in superuser yet. Anyway, the link is very appreciated and has been helpful. :) – Trekker – 2014-09-14T12:50:24.810

@Trekker No problem. VNC is just an example of an encapsulated protocol; it's quite useful, it lets you view another computer's screen like 'remote desktop', though some prefer other methods of viewing another desktop. Another example of a protocol that could be the encapsulated protocol is SMTP or POP3. You can have an SMTP client (an email client, e.g. Outlook Express or whatever) and an SMTP server (your ISP's), and use them. Or (if you learn it) even Linux's nc command, or nc in cygwin in Windows, can send data to a server (nc ip port) or be a server and receive raw data (nc -l -p 123 or nc -l 123). – barlop – 2014-09-14T15:07:29.403

so, whatever protocol you're familiar with, you can point the client side of the app for that protocol(e.g. outlook being smtp client), you can point that to the listening port of the tunnel, and have set the tunnel to forward to the server side of your protocol(your ISP's SMTP Server). Windows remote desktop could be sent through an SSH tunnel. (even windows file sharing can apparently). – barlop – 2014-09-14T15:31:41.710

@barlop I use TeamViewer and am not sure if that uses VNC, and if there are any advantages to open source VNC clients (other than it being open source) instead of TeamViewer? I also use Claws Mail as a desktop email client; have configured IMAP4 protocol (including SMTP) with SSH enabled for my needs. – Trekker – 2014-09-15T01:06:41.393

Answers

5

> My understanding of SSH is that it requires a tunnel be used so that passwords and data can be encrypted. SSH can also be called 'tunneling'. Correct?

SSH means "Secure shell". It's actually a multiplexed protocol with different functionalities (remote shell, file transfer, tunneling, etc.) all packed into the same connection.

> I assume that SFTP means SSH is added to FTP. Tunneling is required for it to be called SFTP, otherwise it's just FTP. Correct?

You assume incorrectly. SFTP and FTP have nothing in common except for 3 letters and the fact that they both can be used to transfer files. Beyond that, they are different protocols with different implementations.

Tunneling, shell and SFTP are three different functionalities of the SSH protocol and can be enabled and disabled individually: you can allow shell and SFTP but not tunneling. You do not need tunneling for using SFTP/SCP.

Stephane

Posted 2014-09-03T11:27:00.637

Reputation: 391

Good to know more about the different functionalities of SSH. I believe it's important to learn things one step at a time, so thanks. Answer accepted. – Trekker – 2014-09-06T01:26:25.570
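
Stephane's answer says shell, SFTP and tunneling are separate functions of SSH that a server can allow or deny individually. The sketch below is an added example, not part of the original thread: it reads the OpenSSH server directives `Subsystem`, `ForceCommand` and `AllowTcpForwarding` from a constructed `sshd_config` and reports each function as its own switch. It assumes only the global section matters and ignores `Match` blocks.

```python
# Added example, not part of the original thread.
# Assumption: only the global section of sshd_config is read; parsing stops at
# the first "Match" line, so per-user overrides are not evaluated.

SFTP_ONLY = """\
# constructed sample config
Subsystem sftp internal-sftp
AllowTcpForwarding no
ForceCommand internal-sftp
"""

def parse_global(text):
    """Return {keyword: value}; for a repeated keyword sshd keeps the first value."""
    settings = {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[0].lower()              # keywords are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            break
        if key == "subsystem":               # "Subsystem <name> <command>"
            name = value.split(None, 1)[0] if value else ""
            key = "subsystem:" + name
        settings.setdefault(key, value)
    return settings

def enabled_functions(text):
    """Report shell, SFTP and TCP tunneling as three independent switches."""
    s = parse_global(text)
    forced = (s.get("forcecommand", "none").split() or ["none"])[0].lower()
    forwarding = s.get("allowtcpforwarding", "yes").lower()  # OpenSSH default is yes
    return {
        # a forced command replaces whatever the client asked to run
        "shell": forced == "none",
        "sftp": "subsystem:sftp" in s and forced in ("none", "internal-sftp"),
        "tunneling": forwarding != "no",
    }

if __name__ == "__main__":
    print(enabled_functions(SFTP_ONLY))
```

With the sample config SFTP stays available while shell and tunneling are off, which matches the behaviour in the question: the plain SFTP session in WinSCP was already an encrypted SSH connection, with no tunnel involved.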