Securing FTP If you use any file transfer software (Ipswitch/WS_FTP, ftp, CuteFTP) you may find it hard to believe that FTP is a security nightmare (it can greatly complicate setting up firewalls). FTP has always been a valuable tool. If you want to secure (encrypt) your FTP sessions, sftp has traditionally been the way to do it. However, most SSH clients also have the capability of supporting the SFTP protocol. The two listed here are command line style FTP programs. There are a number of supported commands (basically just like command line FTP).
- UNIX/Linux – openssh.org
- Windows – Putty supports sftp via the PSCP and PSFTP clients
For the curious, here is the SFTP Internet Draft. The tradeoff is that using these tools doesn’t give you a pretty GUI. But you can search for packages that do (or write your own and submit it back to the developers!) Also, there is no anonymous FTP – a user account is required. Just because it doesn’t have a GUI is no cause to despair – I used it quite easily to upload this page and supporting materials, and it didn’t hurt a bit! PSCP (and scp in general) is meant for a single copy and terminate session. On the other hand, sftp/PSFTP is much like a traditional FTP session. The Putty website has complete instructions for using PSFTP. A standard PSFTP session may begin like so:
C:\usr>psftp psftp: no hostname specified; use "open host.name" to connect psftp> open firstname.lastname@example.org Using username "optimusprime". email@example.com's password: Remote working directory is /n/opus/u/bet/optimusprime psftp> help ... A standard openssh sftp session may run like so:
jdoe@disco myfiles$ sftp firstname.lastname@example.org Connecting to play.cs.columbia.edu... jsmith@play's password: sftp> help ... sftp> bye jdoe@disco myfiles$