Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Clarifying secure FTP vs. non-secure FTP settings System
To be brief, enabling "Remote Access" from the Sharing preference pane enables remote login via ssh as well as the secure ftp (sftp) server. You do not need to enable FTP Access in the Sharing pane to get the secure FTP server.

For some reason, I always thought you needed to enable both to get sftp, but I was wrong. If anyone else is under this confusion, you can disable the FTP server. There is no real excuse for anyone to use regular FTP any more, what with the proliferation of SFTP clients on Mac OS X, Windows and Linux.

[robg adds: Yes, this is a basic tip, but for those new to the various remote access options offered in OS X, they may not be aware of the relationship between ssh and sftp.]
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (2 votes cast)
 
[14,043 views]  

Clarifying secure FTP vs. non-secure FTP settings | 8 comments | Create New Account
Click here to return to the 'Clarifying secure FTP vs. non-secure FTP settings' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Clarifying secure FTP vs. non-secure FTP settings
Authored by: mclayville on May 26, '06 10:34:39AM

Also enabled when "Remote Access" is on is scp (secure copy). This uses ssh to encrypt data when you copy files between hosts over the network. Do a man scp for more details.



[ Reply to This | # ]
Clarifying secure FTP vs. non-secure FTP settings
Authored by: Anonymous on May 27, '06 09:55:31AM

there are uses, FTP tends to allow more connections....but sftp will refuse more about 4 connections at the same time....depending on the server you are connecting to.

I use sftp most of the time and have some problems when trying to connect to my webserer and uploading sites. If i copy the site say 4 files at a time.....I will have my ip blocked for about 15 mins....



[ Reply to This | # ]
Clarifying secure FTP vs. non-secure FTP settings
Authored by: orlin on May 28, '06 08:26:47AM

I also use SFTP on a daily basis for managing Linux and Mac OS X servers and
although this protocol was not so "polished" in the past, now it's very stable and
most FTP clients support it flawlessly.

There are 2 major drawbacks though:

1). You need to create a regular account (home or user directory, etc.) on the
system to create a login and password for SFTP access. This is not great if you
want to give ONLY SFTP access to someone, without giving them SSH access
and a shell account, home directory, etc.
With FTP servers, you can create as many virtual users as you want, without
creating normal accounts on the server.

2). There is no native way to have an SFTP server on a Windows machine.


I think that it is really annoying that in 2006 we still do not have an easy to use
universal secure transfer protocol:
- FTP sucks with the gazzillion ports that need to be open, there is no encryption
- SFTP has a very limited use
- FTP with SSL is complicated to set up
- same for WebDAV
- HTTPS is not good for big transfers
- AFP or SMB are not well suited for web use....



[ Reply to This | # ]
Clarifying secure FTP vs. non-secure FTP settings
Authored by: geppo1982 on May 29, '06 04:34:07AM
I think you can use PureFTPd Manager to create virtual accounts on OS X Client. It also has the ability to create SSL self signed certificates.

[ Reply to This | # ]
Clarifying SFTP vs FTP/S
Authored by: jeremyp on May 30, '06 09:13:52AM

There are two separate secure file transfer protocols with FTP in the name.

SFTP is an FTP like client for transferring files over an ssh connection, similar to
scp but using FTP like semantics. The server side of SFTP is built in to the ssh
server which is why it works without the FTP server running.

FTP/S is real FTP but running over an SSL or TLS secured connection. Often
free FTP clients and servers do not have the capability to support FTP/S.

Personnally I don't use either protocol, scp is perfect for my needs. You can,
by the way, run openssh server in a Windows environment as long as you
install cygwin.



[ Reply to This | # ]
Clarifying secure FTP vs. non-secure FTP settings
Authored by: victory on May 30, '06 08:50:57PM
Yeah, there's very little reason to be using traditional FTP for file transfers across public networks nowadays. Besides the aforementioned lack of any real security, the dual-port nature of the protocol has always been problematic for firewall/ NAT setups as well. Probably the only valid use for the protocol any more is for public sharing (anon-FTP) of files, which, in all likelihood are better served via HTTP anyway.

Here's a few helpful links for sftp/scp client apps that others may find useful:

MacOSX GUI-based SFTP clients: Try Cyberduck (donationware), Fugu (freeware) and Transmit (commercial). No doubt there are others. Check VersionTracker, etc.

Windows-based SSH/SFTP apps: The Cygwin package(freeware) mentioned earlier, contains (among other things) a full port of an OpenSSH, both client and server. However, if you're looking for client-only apps be sure to take a look at Simon Tatham's set of freeware SSH tools: There's putty.exe*, a Windows- based SSH client as well as psftp.exe and pscp.exe, console-based versions of sftp and scp. The great thing is that these are all statically-linked binaries, meaning that each of these apps is a single 'self-contained' .exe file (i.e. no need to use an installer app on the host system) which makes them perfect for doing emergency maintenance with just about any PC with Internet access.

For Windows-based GUI SFTP clients, take a look at WinSCP (freeware) and the excellent SecureFX (commercial)

All these apps work well with OSX's OpenSSH-based SFTP server.

* Putty is really a great little Windows app. Besides using it to simply do remote terminal logins on an OSX system, you can even use it to create SSH tunnels and forward things like VNC connections from a PC to your Mac.

[ Reply to This | # ]

Clarifying secure FTP vs. non-secure FTP settings
Authored by: osxpounder on May 31, '06 01:32:18PM

Good tips; thanks! I second your recommendation of putty and its family of Windows apps. That's a good point about putty not needing an installer, and instead being self-contained.

I've used putty for a few years now to login to my Macs remotely. Nice and quick.

---
--
osxpounder



[ Reply to This | # ]
Clarifying secure FTP vs. non-secure FTP settings
Authored by: SteamSHIFT on May 31, '06 02:05:41AM

Personally my bugbear with SFTP is the apparent lack of a default chroot. When I
set up ftp I can lock users to a specific directory (and subdirectories). It seems vry
difficult to do the same thing with SFTP.

---

Andy Bennett
SteamSHIFT



[ Reply to This | # ]