sftp vs. ftp tunneled through ssh

zskillz
Guest

sftp vs. ftp tunneled through ssh

Hey all, I couldn't think of a better place to ask this really. In reading up on how sftp works, it seems that a common problem/complaint is that there is no way to chroot users to a specific directory. I would really like to have the functionality/power of normal FTP and the security of ssh.

I'm sure it's possible to just tunnel FTP through ssh (both the communications and data channels), but I'm curious why I don't see more people doing this.

Thoughts?

-Z

martin
Site Admin
Posts: 27,271
Location: Prague, Czechia

Re: sftp vs. ftp tunneled through ssh

zskillz wrote:

> Hey all, I couldn't think of a better place to ask this really. In reading up on how sftp works, it seems that a common problem/complaint is that there is no way to chroot users to a specific directory.

But it is not a limitation of SFTP. It is a limitation of the most used SFTP server, the one shipped with OpenSSH. Commercial SFTP servers allow this.

> I'm sure it's possible to just tunnel FTP through ssh (both the communications and data channels), but I'm curious why I don't see more people doing this.

I haven't heard of this. FTP is usually tunneled through SSL. I do not know if there is any reason for it or if it is just custom.
_________________
Martin Prikryl

Birdie
Posts: 3

SSL: I think this is done because SSL can set up a secure connection for you without requiring a log-in. (Authentication is based on the SSL certificate.)

SSH: You'll still have to log on to SSH first, no? So either you chroot that SSH access to a specific directory and the problem doesn't occur, or you don't and you give the user access anyway. Or can you somehow force him / her to only use that SSH connection to subsequently start an FTP session over it?

martin
Site Admin

Birdie wrote:

> SSH: You'll still have to log on to SSH first, no? So either you chroot that SSH access to a specific directory and the problem doesn't occur, or you don't and you give the user access anyway.

Sure, but OpenSSH does not allow this AFAIK.

> Or can you somehow force him / her to only use that SSH connection to subsequently start an FTP session over it?

I don't understand this.
_________________
Martin Prikryl
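
Birdie's question above, whether an SSH login can be limited to carrying an FTP session, can be expressed in OpenSSH server configuration. This is an added example, not part of the original thread; it assumes a reasonably recent OpenSSH, a hypothetical group `ftptunnel`, and an FTP server listening on 127.0.0.1 port 21 on the same host.

```sshd_config
# /etc/ssh/sshd_config fragment (added example; the group name "ftptunnel"
# and the FTP listener on 127.0.0.1:21 are assumptions, not from the thread).

Match Group ftptunnel
    # Allow client-side (-L) forwards only; no remote (-R) forwards.
    AllowTcpForwarding local

    # The only destination a forward may reach: the local FTP control port.
    PermitOpen 127.0.0.1:21

    # Remove every other use of the SSH session.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no

    # Any attempt to open a shell or run a command ends immediately.
    ForceCommand /bin/false

# A member of the group then connects without requesting a command, e.g.
#   ssh -N -L 2121:127.0.0.1:21 user@server
# (user, server and local port 2121 are placeholders) and points the FTP
# client at localhost:2121.
#
# Only the FTP control connection is covered here. FTP opens its data
# connections on separate ports negotiated at run time, so each of those
# would need its own forward and its own PermitOpen entry.
```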
