FTP question - sftp vs ftps, SSH versus SSL and port numbers
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
FTP question - sftp vs ftps, SSH versus SSL and port numbers
so i asked yesterday in a different post about best ftp method, so far the one response was SFTP which is ftp over SSH, which i figured was the way to go.
But i need a sanity check on information i was given.
The sender sent me a document stating they have a new ftp server with better security and in order to connect I need a client capable of FTP over SSL and also can configure for Clear Command Channel.
I go through their connection instructions and they give the host ip along with port = 22, connection drop down box = SSH/SFTP. Then underneath that there's SSL options which is grayed out but the check boxes are enabled for SSL Listings, SSL Transfer, and CCC.
so now i am confused. Initially they state it's going to be an FTPS connection right? but then the settings they are using specifically port number is SFTP is it not? help me understand what's really happening here, and why this use of CCC ?
thanks.
ftp is inherently insecure if people can access your ftp server. "Secure" ftp servers are a bitch to set up, in my experience.
stfp, ssh, and scp are all in the same family and much better security wise, but encrypt everything. If this is a home network, the encryption/decryption is a bit OTT security wise. If it's a public, attackable network, then sure use ssh/sftp.
SSL has been cracked as an encryption tool, and I have seen instructions telling people how to disable it. I don't know if it's that bad, but it's not perfect.
Port 22 is the default SSH port, and specifically choosing the protocol in your client should mean the connection will definitely be using SSH/SFTP. A lot of people get confused about the difference between SFTP and FTPS and don't even know they're separate things. As far as the check boxes, my guess would be that they're always there and are just grayed out because they don't apply to your connection once you select SSH/SFTP.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.