Benefits of tunneling on an unrestricted network for SFTP purposes

0

1

If SFTP is already secured with SSH-2 without tunneling enabled, then what additional security benefit does tunneling give for SFTP purposes? Tunneling seems to be useful only as a proxy for SFTP purposes, and my home network has no access restrictions put on it by the host provider holding the files.

Does this mean that I only need tunneling in a public network that could be restricted from accessing the website files held by the host provider? Or is tunneling beneficial even in an unrestricted home network - or does it just create unnecessary overhead?

Trekker

Posted 2014-09-03T23:13:03.247

Reputation: 80

Please provide a sample of how you would tunnel. When replacing addresses or host names, please replace all occurrences with the same value, otherwise it's pointless. – Daniel B – 2014-09-03T23:22:45.100

I don't understand what you are saying. In this case, I would be using WinSCP, a popular program that can use the SFTP protocol to access / manage remote files held by my Bluehost website hosting account. I am confused as to whether tunneling has SFTP benefits beyond that of acting as a proxy from a restricted network. And I need to know if using tunneling will add unnecessary overhead (such as when backing up files) if all I'm doing is managing my website files remotely from an unrestricted home network. – Trekker – 2014-09-04T00:26:22.420

Actually, it’s completely useless for restricted networks. If you can’t SFTP, you can’t SSH. It may, however, be necessary, if the server you’re trying to reach is on an internal network where another server acts as a gateway. That doesn’t seem to be the case with Bluehost, though. – Daniel B – 2014-09-04T05:27:32.810

@DanielB When you say "it", are you referring to tunneling? Can you describe why restricted networks would prevent SFTP? – Trekker – 2014-09-06T20:38:24.780

Yes, I’m referring to tunneling. Dunno. Because overzealous admins block everything but port 80? Point being: If SSH connections work, so does SFTP. – Daniel B – 2014-09-06T20:57:53.223

Answers

2

SFTP uses SSH to transfer files securely, hence you are already using an SSH-secured connection when using SFTP. Therefore, there is no benefit to additionally using an SSH tunnel for SFTP traffic; it will just add unnecessary overhead. If you were to use plain FTP (or any other unsecured protocol), then tunneling that protocol over SSH would be a good move from a security perspective (and it adds a little compression by default too, as a bonus); with SFTP that is taken care of already.

Adam C

Posted 2014-09-03T23:13:03.247

Reputation: 2 475

Makes perfect sense. Thanks for a very direct answer to my questions. – Trekker – 2014-09-06T01:11:43.597

0

SSH tunneling, when used to tunnel an already encrypted connection (another SSH/SFTP connection), is a kind of proxy only. There's no additional security (well, actually, encrypting twice gives some additional security, but it's not really the point).

Typically this is used when you need to access a server A that cannot be accessed directly from your machine. But you have access to a server B that can access the server A. Then you tunnel through the server B to the server A.

Martin Prikryl

Posted 2014-09-03T23:13:03.247

Reputation: 13 764

I recognized your name when I saw it. :) What you are saying also makes sense. I'm new to SFTP and tunneling, so it takes time for me to wrap my head around some concepts. Thanks. – Trekker – 2014-09-06T01:15:05.050
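
The two situations discussed in the answers, written as an OpenSSH client configuration. This is an added example, not part of the original posts; it assumes the OpenSSH `sftp` client rather than WinSCP, and every host name, address and user name in it is a placeholder.

```sshconfig
# Constructed example: host names, addresses and user names are placeholders.

# Case 1: the SFTP server is directly reachable (the question's situation).
# `sftp webhost` already runs inside a single SSH-2 session, so no tunnel
# is configured here.
Host webhost
    HostName sftp.example.com
    User siteuser

# Case 2: server A is reachable only from server B, which acts as a gateway.
Host server-b
    HostName gateway.example.com
    User gwuser

Host server-a
    HostName 10.0.0.5
    User fileuser
    # Connect to server B first, then carry the SSH/SFTP session to
    # server A through that connection. The inner session is negotiated
    # end to end between the client and server A (including A's host key
    # check), so server B only relays ciphertext.
    ProxyJump server-b
```

With this file in place, `sftp webhost` connects directly and `sftp server-a` goes through the gateway; the tunnel in the second case provides reachability, not extra protection for the file transfer.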