Quote:
|
Originally Posted by beejay
It authenticates using AD. You may be able to do the same thing using ldap....
|
You do know that AD uses LDAP and Kerberos to authenticate against right?
As far as sFTP is concerned.
The common method for most Web users to transfer files to and from their Web hosting account is to use an FTP Client. Easy-to-use graphical user interfaces (GUIs) allow the user to drag and drop files between local computer and remote server - in a very easy manner. FTP clients allow the user to upload/download files, change file permissions using CHMOD command and more. All very convenient.
However, FTP and Unix command operations such as RCP are not secure. Packet sniffers can quite easily capture usernames, passwords and file content. If you have your own server, then you most likely know about FTP vulnerabilities. For the 'average' Web user, the 'sniffing' opportunities FTP and RCP provide (by sending the information 'in the clear' as ASCII plain text) are not known by many.
SSH1 combated this issue to an extent by using what is known as 'Port Forwarding' (aka SSH tunneling). FTP traffic (which uses standard TCP connections) can be port-forwarded over secure shell - preventing username and password sniffing. However, the file content must be transferred outside the secure shell over an unprotected clear text data connection.
SSH1 used 'port-forwarding' RCP (Remote copy) and FTP tunneled over a secure shell session. SCP (Secure copy) is the name used to refer to port-forwarding of the RCP command.
SFTP - Key Points
* SFTP doesn't require an FTP server - it operates on the SSH server.
* SFTP protects every piece of information sent over the network. Usernames, passwords and the data.
* An SFTP client running SSH software encrypts and tunnels traffic to a secure shell server, where the tunneled stream is decrypted.
* FTP, RCP » Data not encrypted. Username, password and data is sent in the clear. Prone to packet sniffing.
* SCP, FTP over a secure shell » Username and password is encrypted, but data is sent in the clear.
* SFTP is ideal for use by businesses who need to send sensitive information securely » company reports, financial statements, confidential files and so on. SFTP is ideal for secure file transfer within and between businesses.
* The server you are connecting to must have an SSH server installed (with SSH2). Most servers have Open source SSH servers already set-up (Openssh.com). There are also a number of commercial SSH servers on the market.
* Connecting to an SSH server with an SFTP client is very much like you would with an FTP client - with 2 exceptions. 1) You connect using the SFTP protocol: sftp://www.yourdomain.com. 2) You connect to Port 22 (The SSH port), NOT Port 21 (The FTP port).
* SFTP clients are readily available for download - both FREE (open source) and commercial versions for use on both Unix, Linux and Windows OS platforms.
* Using an SFTP client is easy-as-pie - just like it is when connecting with your favorite FTP client (which may in fact already support SSH2 connections and SFTP).
* SFTP may also use many features of SSH such as public-key encryption and compression.