AUTH with TLS / Data Connection unsecure :: Support Forum

Frank Walther Guest

AUTH with TLS / Data Connection unsecure

2004-07-01 10:54

Hello,

at first I a have too say THANK YOU! I use WinSCP as a scp frontend a few weeks and it is very cool.

But now I have to connect to a SFTP-Server and I tried to check it out with WinSCP, but it fails. At first I thought the account pw is wrong and I tried SmartFTP and it works fine. So I asked the admin what could be different and he told me only that SFTP-Server is configured with a secure AUTH with TLS and the data connection is unsecured. I read a while about SFTP in some newsgroups and it seems to me, that there are some differences in implementation of SFTP.

I like to ask now, if I could use this kind of configuration with WinSCP? And if yes, how?

Thanks for your support.

Frank

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,441
Location:: Prague, Czechia

Re: AUTH with TLS / Data Connection unsecure

2004-07-02

WinSCP supports only SFTP over SSH (encrypted data channel), which what it was designed for. TLS is not supported. In fact so far I haven't heard of any such SFTP implementation.

Reply with quote

Guest

Re: AUTH with TLS / Data Connection unsecure

2004-07-02 12:11

Hi Martin,

okay, it seems to be strange - as i thought.
I will ask the admin why he choosed this way of implementation of SFTP.

I have found a forum of a bigger german isp and they use same method because of traffic accounting issues. Perhaps they want security for passwords etc. on command channel and traffic accounting on data channel.
[If you like have a look at <invalid hyperlink removed by admin> - it is german, but babelfish ist your friend].

I hoped too use only one client in future, but a strange implementation does not become better if it is used often.
:?

Thanks and greetings to praha.

Frank.

Reply with quote

Guest

Re: AUTH with TLS / Data Connection unsecure

2006-08-29 19:11

Frank Walther wrote:

... and he told me only that SFTP-Server is configured with a secure AUTH with TLS and the data connection is unsecured ...

That is not SFTP but encrypted FTP (FTPS), which has nothing to do with SFTP except for the similar name.

Background:
In FTP, a control connection is used for the commands the client sends to the server (e.g. "list directory") and the status codes the server sends back (e.g. "file doesnt exist"), while separate data connections are used for each transfer of directory listings or the files you download and upload.

In your case, the server encrypts the control connection, but not the data connections.

https://en.wikipedia.org/wiki/File_Transfer_Protocol
https://en.wikipedia.org/wiki/FTPS
https://en.wikipedia.org/wiki/FTPS

Reply with quote