Newbie question using SSH and FTP

Discussion in 'Computer Security' started by Mike, Dec 10, 2004.

  1. Mike

    Mike Guest

    I understand the importance of using SSH over telnet (and the r
    servers for that matter). But what I don't understand is, if somone is
    using SSH but is running ftp also, doesn't that negate the security
    practice of using SSH over telnet?

    What I'm saying here, and poorly might I add, if using SSH instead of
    telnet because of the worry of a malicious person sniffing the plain
    text login and password process of telnet is such a good idea wouldn't
    the plain text login process of ftp be just as bad?

    I know using SSH is always a good thing in many other ways, other than
    the login process (such as the entire session is encrypted) but I can
    never understand using ftp along with SSH...it just makes using SSH a
    moot point, to me.

    Anyones constuctive critcism or views would be greatly appreciated.

    Thanks in advance,

    Mike
     
    Mike, Dec 10, 2004
    #1
    1. Advertising

  2. Mike wrote:

    > I understand the importance of using SSH over telnet (and the r
    > servers for that matter). But what I don't understand is, if somone is
    > using SSH but is running ftp also, doesn't that negate the security
    > practice of using SSH over telnet?
    >
    > What I'm saying here, and poorly might I add, if using SSH instead of
    > telnet because of the worry of a malicious person sniffing the plain
    > text login and password process of telnet is such a good idea wouldn't
    > the plain text login process of ftp be just as bad?
    >
    > I know using SSH is always a good thing in many other ways, other than
    > the login process (such as the entire session is encrypted) but I can
    > never understand using ftp along with SSH...it just makes using SSH a
    > moot point, to me.
    >
    > Anyones constuctive critcism or views would be greatly appreciated.
    >
    > Thanks in advance,
    >
    > Mike



    Let me ask you a question. Why not use sftp? There are clients for windoze
    and the sshd server already will support this and more.
     
    Michael J. Pelletier, Dec 11, 2004
    #2
    1. Advertising

  3. Mike

    Mike Guest

    On Fri, 10 Dec 2004 16:31:38 -0800, "Michael J. Pelletier"
    <> wrote:

    >Mike wrote:
    >
    >> I understand the importance of using SSH over telnet (and the r
    >> servers for that matter). But what I don't understand is, if somone is
    >> using SSH but is running ftp also, doesn't that negate the security
    >> practice of using SSH over telnet?
    >>
    >> What I'm saying here, and poorly might I add, if using SSH instead of
    >> telnet because of the worry of a malicious person sniffing the plain
    >> text login and password process of telnet is such a good idea wouldn't
    >> the plain text login process of ftp be just as bad?
    >>
    >> I know using SSH is always a good thing in many other ways, other than
    >> the login process (such as the entire session is encrypted) but I can
    >> never understand using ftp along with SSH...it just makes using SSH a
    >> moot point, to me.
    >>
    >> Anyones constuctive critcism or views would be greatly appreciated.
    >>
    >> Thanks in advance,
    >>
    >> Mike

    >
    >
    >Let me ask you a question. Why not use sftp? There are clients for windoze
    >and the sshd server already will support this and more.


    Well, then why do most admins still use ftp and SSH together?

    I'm fully aware of sftp, sorry I didn't mention that, but I'm just
    confused why people stress using SSH over telnet, yet (as I stated in
    my original post), yet using ftp would negate the prospect of using
    SSH to prevent sniffing of plain text logins.

    Mike
     
    Mike, Dec 11, 2004
    #3
  4. Mike

    Pete Guest

    On 2004-12-11, Mike <> wrote:

    >>> I know using SSH is always a good thing in many other ways, other than
    >>> the login process (such as the entire session is encrypted) but I can
    >>> never understand using ftp along with SSH...it just makes using SSH a
    >>> moot point, to me.


    There is always scp, secure copy, to use with ssh.

    I agree though, using ssh to login to 'example.com' after ftp'ing some files
    in plain text to the same domain renders the encryption of ssh pretty
    useless. Unless, as was stated upstream, you use sftp. Or scp.

    Regards,

    Pete.

    --
    "Dammit Jim, I'm a sig file not an actor !"
     
    Pete, Dec 11, 2004
    #4
  5. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Whelp... First off I haven't been on here in a good year but I got bored
    tonight and at 4:00am and just finished getting some kernel problems
    fixed I felt like answering this.

    One thing you might be misunderstanding is that SSH does not run `over`
    telnet. SSH itself is an entirely different transfer method.

    Some possible reasons an admin might still be running and insecure FTP
    server on a secure server would be the fact that whats on that FTP
    server might be useless to an attacker. You can't control a machine
    through FTP, though you can from SSH and/or telnet. The three of these
    services are all entirely different. If you would like secure file
    transfers I recommend doing what I do...

    Forget telnet, forget ftp, and forget sftp...
    Run your ssh server (with SCP enabled), ssh unlike telnet is capable of
    file transfers as it is. For your windows machines SSH.org has a client
    for transferring files from and too SECURELY over std. SSH or you can
    use PuttySCP. In Linux/Unix everything is built in if you have ssh. Good
    luck, I dont know if I make sense at this given moment - it isn't my
    best answer.

    Mike wrote:
    | I understand the importance of using SSH over telnet (and the r
    | servers for that matter). But what I don't understand is, if somone is
    | using SSH but is running ftp also, doesn't that negate the security
    | practice of using SSH over telnet?
    |
    | What I'm saying here, and poorly might I add, if using SSH instead of
    | telnet because of the worry of a malicious person sniffing the plain
    | text login and password process of telnet is such a good idea wouldn't
    | the plain text login process of ftp be just as bad?
    |
    | I know using SSH is always a good thing in many other ways, other than
    | the login process (such as the entire session is encrypted) but I can
    | never understand using ftp along with SSH...it just makes using SSH a
    | moot point, to me.
    |
    | Anyones constuctive critcism or views would be greatly appreciated.
    |
    | Thanks in advance,
    |
    | Mike
    |
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (GNU/Linux)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFBvHwMRhWeHDT6eBERAgMhAKCNP2YN6+vBQ3qyufBqXoF7Yr5ROQCfWW5g
    75H/r8gIbxZ6AI3O6YyaAvA=
    =Sz3O
    -----END PGP SIGNATURE-----
     
    David M. Dinner, Dec 12, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. c3dy8911r

    FTP and SSH access question

    c3dy8911r, Nov 30, 2004, in forum: Computer Security
    Replies:
    13
    Views:
    886
    Michael J. Pelletier
    Dec 5, 2004
  2. FTP SSH port forwarding

    , Dec 27, 2006, in forum: Computer Security
    Replies:
    0
    Views:
    484
  3. Frosty

    ftp://ftp.isc.org

    Frosty, Nov 22, 2006, in forum: Computer Support
    Replies:
    2
    Views:
    1,078
  4. Replies:
    1
    Views:
    481
    Lutz Donnerhacke
    Sep 13, 2007
  5. inventor1984
    Replies:
    4
    Views:
    1,635
    Dave \Crash\ Dummy
    Dec 21, 2009
Loading...

Share This Page