Topic "sftp vs. ftp tunneled through ssh"

zskillz

Guest


Hey all, I couldn't think of a better place to ask this really. In reading up on how sftp works, it seems that a common problem/complaint is that there is no way to chroot users to a specific directory. I would really like to have the functionality/power of normal FTP and the security of ssh.

I'm sure it's possible to just tunnel FTP through ssh (both the communications and data channels), but I'm curious why I don't see more people doing this.

Thoughts?

-Z
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
zskillz wrote:
Hey all, I couldn't think of a better place to ask this really. In reading up on how sftp works, it seems that a common problem/complaint is that there is no way to chroot users to a specific directory.

But it is not a limitation of SFTP. It is a limitation of the most used SFTP server, the one shipped with OpenSSH. Commercial SFTP servers allow this.

Quote:
I'm sure it's possible to just tunnel FTP through ssh (both the communications and data channels), but I'm curious why I don't see more people doing this.

I haven't heard of this. FTP is usually tunneled through SSL. I do not know if there is any reason for it or if it is just custom.
_________________
Martin Prikryl
Birdie

Joined: 2005-04-05
Posts: 3
SSL: I think this is done because SSL can set up a secure connection for you without requiring a log-in. (Authentication is based on the SSL certificate.)

SSH: You'll still have to log on to SSH first, no? So either you chroot that SSH access to a specific directory and the problem doesn't occur, or you don't and you give the user access anyway. Or can you somehow force him / her to only use that SSH connection to subsequently start an FTP session over it?
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Birdie wrote:
SSH: You'll still have to log on to SSH first, no? So either you chroot that SSH access to a specific directory and the problem doesn't occur, or you don't and you give the user access anyway.

Sure, but OpenSSH does not allow this AFAIK.

Quote:
Or can you somehow force him / her to only use that SSH connection to subsequently start an FTP session over it?

I don't understand this.
_________________
Martin Prikryl