• 23 Dec

    SFTP vs FTPS

    Source: http://computersecuritypgp.blogspot.in/2015/11/sftp-vs-ftps.html

    FTP or File Transfer Protocol is a standard network protocol, which is used to transfer files from one host to another host over internet.
    FTP is normally widely used. But security is a big concern for it. FTP was not created to be a secure protocol. The traffic between two hosts are transferred unencrypted in FTP. Even the username and password transferred is also too unsecure to be sniffed by a third party. So, this protocol is very much vulnerable to sniffing or spoofing attack. So, use of FTP is deprecated in modern time for security concern.
    FTP over SSH or SFTP is one way of making FTP protocol more secure. In this protocol, a normal FTP session is tunneled over a Secure Shell connection. As a result, data transferred between two hosts are encrypted making the protocol more secure. In SFTP, data transfer is packet based, instead of text-based. Also, data is transferred over the main control connection, instead of opening a seperate data connection. In fact, there is very little common to FTP and SFTP.
    FTPS is an extension of FTP. It adds support for the SSL/TLS cryptographic protocols. In this protocol, normally a Transport Layer Security is established from the beginning of the connection. There are normally two types of FTPS – implicit and explicit.
    In case of implicit FTPS, the client is expected to send TLS ClientHello message at the beginning of the connection and if it fails, the connection is dropped.
    In explicit FTPS, the client is expected to explicitly ask for security. If it fails to ask, it is up to the server to continue in the unsecure more or drop the connection.
    Once a TLS connection is established, the data transfers between the hosts in encrypted manner.
    In terms of security, both SFTP and FTPS are good.
  • 28 Aug

    SFTP connection to the server is not established. WTF?

    You execute a rule which uses SFTP and … nothing. Connection is not established.

    SSH family of protocols is complex and various SFTP servers interpret the specifications differently. This leads to the problem, when to connect and interoperate with some server you need to select the right combination of SSH protocol settings.

    1. SFTP protocol has it’s own versions (LimagitoX supports SFTP versions 2 to 6). The server and LimagitoX must have the overlapping set of enabled versions. If the server is configured to support only SFTP 3 and LimagitoX has only versions 4 to 6 enabled, then you don’t get a connection. You need to check and adjust Versions property of LimagitoX. Moreover, some servers work correctly only when just one version (SFTP 3) is enabled. I.e. you might need to enable just SFTP 3 in LimagitoX in order to successfully work with such server.
    2. If the server closes connection without reporting any error, this usually means that you are connecting to the buggy server, which doesn’t interpret the LimagitoX client request correctly. What does this mean? LimagitoX sends the list of known algorithms to the server. The server must ignore the unknown entries in the list of algorithms. However many servers crash or close connection when they come across the name of the algorithm, that they don’t understand. In particular, all 3.x versions of OpenSSH do this. In this case you need to turn off all algorithms besides the very old and well-known (listed below). LimagitoX tries to detect the old servers automatically and disable the newer algorithms. This is controlled by the ‘Auto Adjust Ciphers’ option (default enabled). In most cases this solves the problem. If it does not, disable the ‘Auto Adjust Ciphers’ option and enable the ‘Restrict Algorithms’ option. This will turn off all algorithms besides the very old and well-known (forced).