Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
ftp should die?
I literally just finished setting up a personal ftp server today. -
nightowl6987y@IrreleventIdiot I know it sounds harsh but there are better alternatives out there. FTP tends to have no encryption (there is a way to do encryption, I've never used it though - I think it's FTPS?) and if you're serving passive FTP you need to make sure you're not firewalling the passive port range, etc.
Whereas SFTP runs on top of SSH (it's usually enabled by default) so it's encrypted, no additional ports need opening, everything transferred as binary files etc. Private/public key pairs can be used with it. Transferring files with WinSCP is just as easy as with something like FileZilla.
FTP does have its uses, but it seems strange that it still defaults to ASCII transfers in many cases. -
Rohr7307yShould die is simply not true.
I agree with should not be used in public/exposed to the web.
FTP is still the way to use to do a network boot, distribute bios firmware in networks etc ...
But all those use case where FTP gets used are normally in an encapsulated or seperate network segment with no direct way to the outside.
I know, there are more modern ways that replace FTP (iPXE for example uses http) but I also don't have to tell you that there are millions of devices out there that are still not capable of using these newer techniques. -
-
@nightowl
Winscp and sftp are not exactly the same. I mean you can run them both over ssh, and connect with either one, but sftp is much more reliable. And there are some limitations on the winscp side -
nightowl6987y@Rohr Usually network booting involves PXE and TFTP (not FTP). It is just a simple protocol that does file transfers, usually to get an OS started - and that's fine. You'd need something like iPXE to even do regular FTP as far as I'm aware.
On an internal network or where you're just transferring publically-available files (e.g. BIOS updates, OS ISO images etc.) there's not really any security concern.
So, OK, perhaps FTP itself doesn't need to die, but can we at least chop off one of its limbs? My rant was mainly because of manual use of FTP clients, which often defaulting to ASCII mode and corrupting binary files. People get it wrong and then say "your file is corrupt!"
Other file protocols like NFS or even Samba/CIFS don't have this problem. The only time I have ever had issues with binary transfers is when a script's "foreign" line endings caused issues after being transferred from Windows to UNIX. -
nightowl6987y@nbamaral I thought they might've been different (given that there's "scp" and "sftp" commands) but wasn't sure.
I'm aware that sftp at least has a dedicated server program that SSH starts to handle the transfer - what does scp use?
Not had any issues with WinSCP so far though. But that's probably because... /goes and looks
Ah, I'm running it as an SFTP client! -
@nightowl
You run them both from sshd, no special daemon needed. In my experience it's easier to setup chrooted environments with sftp than winscp, and it's usually more reliable transfering large amounts of data :) -
nightowl6987y@nbamaral Sorry, I thought that's what you meant when you mentioned network booting :) as I didn't think you could netboot from FTP.
Pretty sure TFTP doesn't have an "ASCII" mode at least.
Regarding SFTP vs SCP: In my sshd_config I have:
Subsystem sftp /usr/lib/openssh/sftp-server
...which I presumed is what gets executed if you SFTP into a system. I wasn't sure what scp uses? -
Winscp use the same subsystem as far as I know. Sftp behaves more like tunneled ftp, I know there are differences on the protocol:
Here are a few
http://jscape.com/blog/scp-vs-sftp/
Related Rants
Why is accidentally uploading a binary file in ASCII mode via FTP still something people do? Aside from the obvious point that FTP needs to die and something else needs to be used instead, isn't it about time binary was the default?
rant
ascii
its not corrupt its just you
ftp