Because it is convenient and it works.
> There are so many less brain dead and much more securable alternatives that it boggles the mind that anyone even knows that FTP ever existed.
There are alternatives, but not terribly suitable replacements. The closest is probably webdev.
If you care about security you use signed/encrypted files and throw away user accounts that have nothing to do with unix accounts.
Who still uses FTP, for anything?
Posted Jul 6, 2011 10:54 UTC (Wed) by Jonno (subscriber, #49613)
sftp is a file transfer protocol built on top of ssh (technically you ssh into a machine and run /usr/lib/misc/sftp-server instead of your shell), and has nothing to do with ftps (which is regular ftp within a tls channel).
sftp's biggest disadvantage is that it shares / by default, and while restricting that is easy, you also restrict your regular ssh session at the same time, making it virtually useless. Of course, you can run two instances of the ssh server at different ports, one chrooted and only allowing sftp, and one only allowing admins to log in but giving full ssh access.
Posted Jul 6, 2011 13:22 UTC (Wed) by niner (subscriber, #26151)
Posted Jul 7, 2011 11:52 UTC (Thu) by Jonno (subscriber, #49613)
Being able to configure a chroot path for sftp-sessions only would simplify this hugely.
Posted Jul 6, 2011 16:07 UTC (Wed) by jond (subscriber, #37669)
What about legacy client software lacking sftp support?
Posted Jul 7, 2011 7:25 UTC (Thu) by rqosa (subscriber, #24136)
> What about anonymous FTP?
Assuming that the anonymous users aren't allowed to upload files, HTTP should be a suitable replacement.
Posted Jul 7, 2011 10:35 UTC (Thu) by anselm (subscriber, #2796)
Kinda, sorta as long as you don't rely on FTP features such as partial downloads, wildcard-filename downloads or translation of line endings for text files.
Of course there are ways of getting these sorted on an HTTP server, but they may involve added inconvenience for the downloading user or the server operator. For example, an FTP server will give you a directory listing but an HTTP server usually won't (not as long as you don't enable it explicitly, and then usually in an HTML format that programs must laboriously parse).
Posted Jul 7, 2011 12:04 UTC (Thu) by Jonno (subscriber, #49613)
The closest thing to a standard there is is "do like POSIX `ls -la`", but that is not universally followed, especially by ftp servers on non-POSIX hosts...
For HTTP there is at least webdav, which can provide a standardized machine parseable directory listing...
Posted Jul 8, 2011 7:53 UTC (Fri) by rqosa (subscriber, #24136)
> partial downloads
HTTP supports that, by way of the "Range:" request header.
> translation of line endings for text files
That really shouldn't be necessary anymore, since many programs (text editors, etc.) support the multiple different line-ending types. (And of course it will corrupt binary files if turned on by mistake.)
Posted Jul 8, 2011 8:02 UTC (Fri) by rqosa (subscriber, #24136)
Posted Jul 8, 2011 11:47 UTC (Fri) by union (subscriber, #36393)
I find one of the major shortcomings of the OpenSSH sftp implementation is the lack of logging.
I believe OpenSSH devs say that since you can log in via ssh and copy-paste data, it would not guarantee completeness and would provide a false sense of security.
But I would like an option for running sftp only with nice logs, but as far as I can tell there really isn't any widely deployed sftp-only server for Linux.
Posted Jul 8, 2011 17:06 UTC (Fri) by firstname.lastname@example.org (guest, #51369)
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTHPRIV
in your sshd_config. That will be fairly verbose (logging e.g. what directories are opened to find a file list) but will also log file transfers.
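An added example, not part of any comment above and not taken from the OpenSSH project: an sshd_config fragment that combines the two topics in this thread, a chroot that applies to SFTP sessions only and SFTP logging. It uses the in-process `internal-sftp` server instead of the external `sftp-server` binary quoted above; the group name `sftponly` and the path `/srv/sftp` are assumptions.

```conf
# sshd_config fragment (added example; group name and paths are assumptions)

# In-process SFTP server: needs no binaries or libraries inside the chroot.
# -l INFO logs opens, closes and transfers; -f AUTHPRIV selects the syslog facility.
Subsystem sftp internal-sftp -l INFO -f AUTHPRIV

# Accounts that do not match the block below keep their normal shell
# access on the same port and the same sshd instance.

# Members of the hypothetical group "sftponly" get chrooted SFTP and nothing else.
Match Group sftponly
    # %u expands to the user name. Every component of this path must be owned
    # by root and not writable by group or others, or sshd rejects the session.
    # Give the user a writable subdirectory (for example "upload") inside it.
    ChrootDirectory /srv/sftp/%u

    # Ignore whatever command or shell the client requests; always run SFTP.
    # The logging flags are repeated because ForceCommand replaces the Subsystem line.
    ForceCommand internal-sftp -l INFO -f AUTHPRIV

    # Close the side channels that would let the account reach beyond file transfer.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no

# Caveat: on some operating systems, logging from a chrooted session needs a
# /dev/log socket inside the chroot directory (see sftp-server(8)).
```

Run `sshd -t` to validate the file before reloading the daemon.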
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.