1

A friend of mine says giving people SFTP and therefore jailed shell access is a bad idea. However, I think you need a port open for FTPES to work though.

Which is the better connection method?

firefusion

2 Answers

3

It's perfectly possible to give someone SCP/SFTP-access without giving them a shell.

What I like about SFTP:

  • Strictly defined standard
  • No need for a DATA connection
  • The connection is always secured
  • The directory listing is uniform and machine-readable
  • Permissions, attribute manipulation, file locking, ...

What I like about FTPS:

  • Widely known and used
  • Easy to understand what is going on
  • Transmission Server-to-Server
  • X.509 certificate features
  • FTP and SSL/TLS support is built into many browsers, FTP clients, ...

Depends on what you think is important...

Bart De Vos
  • +1. `No need for a DATA connection`. In these days of IPv4 depletion and NAT, this is the feature I'd like w/ FTP... – petrus Apr 12 '11 at 08:25
  • SFTP has a serious design limitation that could be worked around in clients but is not: it sends data in 16k packets and requires a round trip ACK for each of them. It severely limits throughput where there is any significant amount of latency. – niXar Apr 12 '11 at 10:58
  • True, but there's a patch for the speed problems: http://www.psc.edu/networking/projects/hpn-ssh/ – Bart De Vos Apr 12 '11 at 11:09
0

You can use the ChrootDirectory and "Subsystem internal-sftp" directives to constrain users without giving them any possibility of starting a shell. There is no reason why it should be less secure than FTPS. You should also disable TCPForwarding and related options.

Ideally, you could have a different sshd process doing SFTP-only on a different port or interface to strongly differentiate from admin ssh. This is needed when running RHEL5 IIRC because it has an older OpenSSH, but on the newer versions there are several more directives to constrain users based on various criteria.

Your friend is right in one respect: jailed shell access is no good. If you don't do what I just described, and merely chroot the users while allowing them shell access in any way, you are not secure. It is unnecessary nowadays anyway, so it shouldn't be a problem.

niXar
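The confinement described in the answer above, as an added example that is not part of the original post: a Python check that reads sshd_config text and reports every Match block that lacks a chroot, does not force the in-process SFTP server, or leaves forwarding enabled. `ForceCommand internal-sftp`, `AllowTcpForwarding`, `X11Forwarding`, `AllowAgentForwarding` and `PermitTunnel` are the OpenSSH keywords assumed here to stand for "TCPForwarding and related options"; the group names, paths and sample configuration are constructed.

```python
# Added example (not from the original answer). Keywords each SFTP-only Match
# block should carry, lower-cased, with the first token of the required value.
REQUIRED = {
    "forcecommand": "internal-sftp", "allowtcpforwarding": "no",
    "x11forwarding": "no", "allowagentforwarding": "no", "permittunnel": "no",
}

# Constructed sample configuration; group names and paths are hypothetical.
SAMPLE = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
Match Group jailedshell
    ChrootDirectory /srv/jail/%u
    AllowTcpForwarding yes
"""

def parse_match_blocks(text):
    """Return {match criteria: {keyword: value}} for every Match block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            current = blocks.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # sshd keeps the first value it reads
    return blocks

def audit(text):
    """Return {match criteria: [findings]}. Keywords missing from a block are
    reported even if set globally, so each block is judged on its own."""
    report = {}
    for criteria, opts in parse_match_blocks(text).items():
        found = []
        if opts.get("chrootdirectory", "none").lower() == "none":
            found.append("ChrootDirectory is not set")
        for key, want in REQUIRED.items():
            got = opts.get(key, "")
            if (got.split() or [""])[0].lower() != want:
                found.append(f"{key}: want {want!r}, found {got or 'unset'!r}")
        report[criteria] = found
    return report
```

Calling `audit(SAMPLE)` returns an empty list for `Group sftponly` and five findings for `Group jailedshell`, the chroot-with-shell setup the answer warns against.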