Why to consider setting up an FTP service on a server when files transfers work fine by means of SSH (with Midnight Commander on a Lunux and FileZilla on a Windows client)? What are pros and cons of both? Except of the fact tat FTP is more widely supported by different clients.
Asked
Active
Viewed 3.6k times
18
-
1FTP - **Con**. Does not play well with modern firewalls & NAT'ing – Nick Kavadias Jul 09 '10 at 02:08
-
How "modern" are your firewalls Nick? It's a breeze, especially in ASDM. – RHELAdmin Jul 09 '10 at 02:45
-
@Nick, make that modern SOHO grade firewalls have a hard time with FTP. Newer business grade models have no problem once properly configured. – Chris S Jul 09 '10 at 03:09
-
Shoot, `ip_masq_ftp` has been available for a very long time. I would probably consider the lack of support deviant behavior. – Warner Jul 09 '10 at 03:17
-
no idea why i used the word modern in there! doh – Nick Kavadias Jul 10 '10 at 02:53
2 Answers
5
SSH is much more tolerant of network security devices like firewalls and things that do NAT. FTP is famously tricky to firewall, and generally requires one end-point to have a real IP addresss (i.e. no NAT).
SSH is better at handling NAT. In fact, both ends can be behind NAT which is generally not possible without a lot of crowbar with FTP.
FTP is generally faster because of the dead simple nature of the protocol, though the right versions of SFTP can approach that level of speed.
FTP support is built into most modern browsers, where none I know of have SSH. There may be plugins that shim this, though.
SSH is vastly more secure, which allows user authentication. FTP supports that but does so over plain text in the clear, a fact that contradicts most sane security policies.
The only reason to use FTP is for public-file sharing. Things like linux kernel source repositories.
sysadmin1138
- 133,124
- 18
- 176
- 300
-
Regarding your example, aren't the most of people of those interested in downloading a kernel source, comfortable with SSH? Anyway, for publishing purposes, why not to use HTTP instead? – Ivan Jul 09 '10 at 04:56
-
Pardon me while I channel Jerry Bock, "Tradiiiiitioooooon! TRADITION!" Because that's the way it has always been done. – sysadmin1138 Jul 09 '10 at 05:24
-
-
@warner Me too, since you can browse a remote file tree pretty simply from command line with FTP, which is a bit trickier with HTTP. But then, I also date from the pre-spam internet when that's all there was. – sysadmin1138 Jul 09 '10 at 13:44
-
@sysadmin1138, Chrome has browser addons that does SSH. What do you mean by a "shim". Why do you call these add-ons a shim? – Pacerier Oct 31 '14 at 17:10
-
-
@sysadmin1138, Probably. Do update, and btw what do you mean by a "shim", why do you call these add-ons a shim? – Pacerier Oct 31 '14 at 22:18
3
FTP is unencrypted. SSH is encrypted. SSH allows remote shell access as well as file transfer, whereas FTP only allows file transfer. Any data transferred via an unencrypted protocol has an unusual risk for eavesdropping, which could compromise both access to your system and the data being transferred.
One of the primary applications of FTP at present time would be for a publicly accessible anonymous file server. I would attribute this partially due to the commonality and simplicity of the protocol. Moreover, an unencrypted transfer has less overhead than an encrypted transfer, which enables quicker transfers.
FTP for user authentication is depreciated and ill-advised, as it risks the authentication data for your system.
Warner
- 23,756
- 2
- 59
- 69
-
-
-
"One of the primary applications of FTP at present time would be for a publicly accessible anonymous file server." - Another popular usage to mention is shared web hosting. Virtually all hosting providers give FTP access to your wwwroot for you to be able to update your pages, while most of shared hosting providers (~90% of Czech ISPS I'd say) don't give SSH saying "for security" (they say they think users will be able to view other users' files in this case :-) ... – Ivan Jul 09 '10 at 05:03
-
... and give dreamhost as an example of such an issue - users accessing other users' files through SSH). – Ivan Jul 09 '10 at 05:04
-
-
@Warner, Actually the context of the question shows that the asker is asking for a comparison of **S/FTP/S** with SSH.... – Pacerier Oct 31 '14 at 17:20