Thursday, February 3, 2011

What are the pros and cons of FTP vs SSH for file transfers?

Why consider setting up an FTP service on a server when file transfers work fine by means of SSH (with Midnight Commander on a Linux client and FileZilla on a Windows client)? What are the pros and cons of both? Except for the fact that FTP is more widely supported by different clients.

  • FTP is unencrypted. SSH is encrypted. SSH allows remote shell access as well as file transfer, whereas FTP only allows file transfer. Any data transferred via an unencrypted protocol has an unusual risk for eavesdropping, which could compromise both access to your system and the data being transferred.

    One of the primary applications of FTP at present time would be for a publicly accessible anonymous file server. I would attribute this partially due to the commonality and simplicity of the protocol. Moreover, an unencrypted transfer has less overhead than an encrypted transfer, which enables quicker transfers.

    FTP for user authentication is deprecated and ill-advised, as it risks the authentication data for your system.

    sybreon : Also, active mode FTP requires two open ports instead.
    EvilRyry : The encryption also guarantees integrity of the data.
    Ivan : "One of the primary applications of FTP at present time would be for a publicly accessible anonymous file server." - Another popular usage to mention is shared web hosting. Virtually all hosting providers give FTP access to your wwwroot for you to be able to update your pages, while most shared hosting providers (~90% of Czech ISPs I'd say) don't give SSH, saying "for security" (they say they think users will be able to view other users' files in this case :-) ...
    Ivan : ... and give dreamhost as an example of such an issue - users accessing other users' files through SSH).
    Warner : Wow, I'm surprised some ISPs are still doing it. I wouldn't.
    From Warner
  • SSH is much more tolerant of network security devices like firewalls and things that do NAT. FTP is famously tricky to firewall, and generally requires one end-point to have a real IP address (i.e. no NAT).

    SSH is better at handling NAT. In fact, both ends can be behind NAT which is generally not possible without a lot of crowbar with FTP.

    FTP is generally faster because of the dead simple nature of the protocol, though the right versions of SFTP can approach that level of speed.

    FTP support is built into most modern browsers, where none I know of have SSH. There may be plugins that shim this, though.

    SSH is vastly more secure, which allows user authentication. FTP supports that but does so over plain text in the clear, a fact that contradicts most sane security policies.


    The only reason to use FTP is for public-file sharing. Things like Linux kernel source repositories.

    Ivan : Regarding your example, aren't most of the people interested in downloading a kernel source comfortable with SSH? Anyway, for publishing purposes, why not use HTTP instead?
    sysadmin1138 : Pardon me while I channel Jerry Bock, "Tradiiiiitioooooon! TRADITION!" Because that's the way it has always been done.
    Warner : I still like FTP for those purposes. =)
    sysadmin1138 : @warner Me too, since you can browse a remote file tree pretty simply from command line with FTP, which is a bit trickier with HTTP. But then, I also date from the pre-spam internet when that's all there was.
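
Two points from the answers above, shown as an added example that is not part of the original thread: FTP login data crosses the wire in plain text, and the data-connection address is carried inside the control channel (RFC 959 `h1,h2,h3,h4,p1,p2` form), which is what firewalls and NAT trip over. The transcript is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed transcript (not a real capture): "C:" = client, "S:" = server.
SAMPLE_SESSION = """\
S: 220 ftp.example.test ready
C: USER alice
S: 331 Password required
C: PASS s3cret-constructed
S: 230 Login successful
C: PORT 192,168,1,20,195,80
C: PASV
S: 227 Entering Passive Mode (10,0,0,5,78,52)
"""

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Decode the RFC 959 h1,h2,h3,h4,p1,p2 form into (ip, port)."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def audit_control_channel(transcript):
    """Return what any passive observer of the control channel can read."""
    findings = []
    for line in transcript.splitlines():
        side, _, msg = line.partition(": ")
        verb, _, arg = msg.partition(" ")
        if side == "C" and verb.upper() == "USER":
            findings.append(("cleartext-username", arg))
        elif side == "C" and verb.upper() == "PASS":
            # Report the exposure only; never echo the secret itself.
            findings.append(("cleartext-password", "<redacted, %d chars>" % len(arg)))
        elif (side == "C" and verb.upper() == "PORT") or (side == "S" and verb == "227"):
            ep = decode_hostport(arg)
            if ep:
                mode = "active" if side == "C" else "passive"
                note = "private, not reachable from outside its NAT" if ep[0].is_private else "routable"
                findings.append((mode + "-data-endpoint", "%s:%d (%s)" % (ep[0], ep[1], note)))
    return findings

if __name__ == "__main__":
    print(*audit_control_channel(SAMPLE_SESSION), sep="\n")
```

The second connection announced by `PORT` or the `227` reply is the extra port a firewall has to allow, and a private address in that field is why a NAT device must rewrite the payload for FTP to work.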
