Newbie question using SSH and FTP

I understand the importance of using SSH over telnet (and the r
servers for that matter). But what I don't understand is, if somone is
using SSH but is running ftp also, doesn't that negate the security
practice of using SSH over telnet?

What I'm saying here, and poorly might I add, if using SSH instead of
telnet because of the worry of a malicious person sniffing the plain
text login and password process of telnet is such a good idea wouldn't
the plain text login process of ftp be just as bad?

I know using SSH is always a good thing in many other ways, other than
the login process (such as the entire session is encrypted) but I can
never understand using ftp along with SSH...it just makes using SSH a
moot point, to me.

Anyones constuctive critcism or views would be greatly appreciated.

Thanks in advance,

Mike

Mike

Mike wrote:

> I understand the importance of using SSH over telnet (and the r
> servers for that matter). But what I don't understand is, if somone is
> using SSH but is running ftp also, doesn't that negate the security
> practice of using SSH over telnet?
>
> What I'm saying here, and poorly might I add, if using SSH instead of
> telnet because of the worry of a malicious person sniffing the plain
> text login and password process of telnet is such a good idea wouldn't
> the plain text login process of ftp be just as bad?
>
> I know using SSH is always a good thing in many other ways, other than
> the login process (such as the entire session is encrypted) but I can
> never understand using ftp along with SSH...it just makes using SSH a
> moot point, to me.
>
> Anyones constuctive critcism or views would be greatly appreciated.
>
> Thanks in advance,
>
> Mike


Let me ask you a question. Why not use sftp? There are clients for windoze
and the sshd server already will support this and more.

Michael J. Pelletier

On Fri, 10 Dec 2004 16:31:38 -0800, "Michael J. Pelletier"
<> wrote:

>Mike wrote:
>
>> I understand the importance of using SSH over telnet (and the r
>> servers for that matter). But what I don't understand is, if somone is
>> using SSH but is running ftp also, doesn't that negate the security
>> practice of using SSH over telnet?
>>
>> What I'm saying here, and poorly might I add, if using SSH instead of
>> telnet because of the worry of a malicious person sniffing the plain
>> text login and password process of telnet is such a good idea wouldn't
>> the plain text login process of ftp be just as bad?
>>
>> I know using SSH is always a good thing in many other ways, other than
>> the login process (such as the entire session is encrypted) but I can
>> never understand using ftp along with SSH...it just makes using SSH a
>> moot point, to me.
>>
>> Anyones constuctive critcism or views would be greatly appreciated.
>>
>> Thanks in advance,
>>
>> Mike
>
>
>Let me ask you a question. Why not use sftp? There are clients for windoze
>and the sshd server already will support this and more.

Well, then why do most admins still use ftp and SSH together?

I'm fully aware of sftp, sorry I didn't mention that, but I'm just
confused why people stress using SSH over telnet, yet (as I stated in
my original post), yet using ftp would negate the prospect of using
SSH to prevent sniffing of plain text logins.

Mike

Mike

On 2004-12-11, Mike <> wrote:

>>> I know using SSH is always a good thing in many other ways, other than
>>> the login process (such as the entire session is encrypted) but I can
>>> never understand using ftp along with SSH...it just makes using SSH a
>>> moot point, to me.

There is always scp, secure copy, to use with ssh.

I agree though, using ssh to login to 'example.com' after ftp'ing some files
in plain text to the same domain renders the encryption of ssh pretty
useless. Unless, as was stated upstream, you use sftp. Or scp.

Regards,

Pete.

--
"Dammit Jim, I'm a sig file not an actor !"

Pete

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Whelp... First off I haven't been on here in a good year but I got bored
tonight and at 4:00am and just finished getting some kernel problems
fixed I felt like answering this.

One thing you might be misunderstanding is that SSH does not run `over`
telnet. SSH itself is an entirely different transfer method.

Some possible reasons an admin might still be running and insecure FTP
server on a secure server would be the fact that whats on that FTP
server might be useless to an attacker. You can't control a machine
through FTP, though you can from SSH and/or telnet. The three of these
services are all entirely different. If you would like secure file
transfers I recommend doing what I do...

Forget telnet, forget ftp, and forget sftp...
Run your ssh server (with SCP enabled), ssh unlike telnet is capable of
file transfers as it is. For your windows machines SSH.org has a client
for transferring files from and too SECURELY over std. SSH or you can
use PuttySCP. In Linux/Unix everything is built in if you have ssh. Good
luck, I dont know if I make sense at this given moment - it isn't my
best answer.

Mike wrote:
| I understand the importance of using SSH over telnet (and the r
| servers for that matter). But what I don't understand is, if somone is
| using SSH but is running ftp also, doesn't that negate the security
| practice of using SSH over telnet?
|
| What I'm saying here, and poorly might I add, if using SSH instead of
| telnet because of the worry of a malicious person sniffing the plain
| text login and password process of telnet is such a good idea wouldn't
| the plain text login process of ftp be just as bad?
|
| I know using SSH is always a good thing in many other ways, other than
| the login process (such as the entire session is encrypted) but I can
| never understand using ftp along with SSH...it just makes using SSH a
| moot point, to me.
|
| Anyones constuctive critcism or views would be greatly appreciated.
|
| Thanks in advance,
|
| Mike
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBvHwMRhWeHDT6eBERAgMhAKCNP2YN6+vBQ3qyufBqXo F7Yr5ROQCfWW5g
75H/r8gIbxZ6AI3O6YyaAvA=
=Sz3O
-----END PGP SIGNATURE-----

David M. Dinner