A security comparison of FTP and SSH, and a brief look at how FTP, SSH, SFTP, and SCP relate

Source: Internet
Author: User

How do FTP and SSH compare on security?

FTP:

http://baike.baidu.com/subview/369/6149695.htm

In the TCP/IP protocol suite, the standard FTP command port is TCP 21, and in PORT mode the data port is 20. The task of FTP is to transfer files from one computer to another, regardless of the operating system.

The computer that requires remote file transfer must have the FTP client installed and running.

SSH:

http://baike.baidu.com/subview/16184/5909252.htm

SSH is short for Secure Shell, developed by the IETF Network Working Group. SSH is a security protocol built on the application layer and the transport layer. It is currently one of the more reliable protocols for securing remote login sessions and other network services. Using the SSH protocol effectively prevents information leakage during remote management.

FTP vs. SSH:

Traditional network services such as FTP, POP, and Telnet are inherently insecure because they transmit passwords and data in plaintext on the network, so it is very easy for someone with ulterior motives to intercept those passwords and data. Moreover, the authentication methods of these services have their own weakness: they are very easy to attack in the "man-in-the-middle" way. In a man-in-the-middle attack, the "middleman" pretends to be the real server to receive the data you send to the server, and then impersonates you to pass the data on to the real server. Once the "middleman" has tampered with the data passing between you and the server, serious problems follow. By using SSH, you can encrypt all transmitted data so that this "man-in-the-middle" attack is not possible, and it can also prevent DNS spoofing and IP spoofing. An additional benefit of SSH is that the transmitted data is compressed, which can speed up the transfer. SSH has many functions: it can replace Telnet and provide a secure "channel" for FTP, POP, and even PPP.
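The plaintext exposure described above can be audited from the defender's side. The following is an added example, not part of the original article: it scans reassembled client-to-server payloads for readable USER/PASS logins, and the sample streams, addresses, and the function name find_cleartext_logins are constructed for illustration.

```python
import re

# Constructed client-to-server payloads, as reassembled from a capture.
# Keys are (client address, server port); none of this is real traffic.
SAMPLE_STREAMS = {
    ("10.0.0.5", 21): b"USER alice\r\nPASS s3cret-example\r\nSTOR report.txt\r\n",
    ("10.0.0.5", 110): b"USER bob\r\nPASS another-example\r\nSTAT\r\n",
    # SSH: only the version banner is readable; the rest is binary packets.
    ("10.0.0.5", 22): b"SSH-2.0-OpenSSH_9.6\r\n\x00\x00\x03\x14\x08\x14\x9b\x1f",
}

LOGIN_CMD = re.compile(rb"^(USER|PASS) (.*)$", re.IGNORECASE)


def find_cleartext_logins(streams):
    """Return one finding per stream that carries a readable USER/PASS login."""
    findings = []
    for (client, port), payload in sorted(streams.items()):
        user, password_length = None, None
        for line in payload.split(b"\r\n"):
            match = LOGIN_CMD.match(line)
            if match is None:
                continue
            verb, argument = match.group(1).upper(), match.group(2)
            if verb == b"USER":
                user = argument.decode("ascii", "replace")
            else:
                # Record only the length, so the report does not leak the secret.
                password_length = len(argument)
        if user is not None and password_length is not None:
            findings.append({"client": client, "port": port, "user": user,
                             "password_length": password_length})
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_STREAMS):
        print(finding)
```

The FTP (21) and POP3 (110) streams are reported; the SSH stream on port 22 yields nothing beyond its version banner.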

Tip: While writing this, I suddenly remembered something a teacher once said: he used the FileZilla FTP software to upload files to the server, but given FTP's security issues, he adopted a strategy:

After each file upload, he immediately uninstalled the FTP software! The next time he needed to upload, he installed it again! It's a little inconvenient, but it does raise security a little bit!

(If you're used to transferring files using FTP, you might want to use this strategy!)


Other:

Telnet: the well-known terminal access protocol. Traditional network service programs such as FTP, POP, and Telnet are inherently insecure because they transmit data, user accounts, and user passwords in clear text on the network.

FTP: File Transfer Protocol is a standard set of protocols used to transfer files over a network.

SFTP: SSH File Transfer Protocol, sometimes referred to as Secure File Transfer Protocol. It differs from SCP in that it allows the user to interrupt the transmission, and the SCP copy is slightly faster.

SSH: Secure Shell is a security protocol based on the transport layer, which itself belongs to the application layer and can provide a secure transport service to the application layer.

SCP (Secure Copy): a Linux file transfer command.

SFTP is short for Secure File Transfer Protocol. It provides a secure, encrypted way to transfer files. SFTP has almost the same syntax and functionality as FTP. SFTP is part of SSH and is a secure way to transfer files to the Blogger server. In fact, the SSH package already includes a secure file transfer subsystem called SFTP, and SFTP itself does not have a separate daemon: it must use the sshd daemon (port 22 by default) to complete the connection, so in a sense SFTP is not like a server program but more like a client program. SFTP also encrypts the authentication information and the transmitted data, so it is very safe to use. However, because the transfer uses encryption and decryption, its transfer efficiency is much lower than that of normal FTP; if you have higher network security requirements, you can use SFTP instead of FTP.


"Telnet": a well-known terminal access protocol. Traditional network service programs such as FTP, POP, and Telnet are inherently insecure because they transmit data, user accounts, and user passwords in plaintext over the network.

"Telnet command": telnet host [port]

"SSH": short for Secure Shell, a security protocol based on the transport layer, which itself belongs to the application layer and can provide a secure transport service to the application layer.

SSH is currently one of the more reliable protocols for securing remote login sessions and other network services. Using the SSH protocol effectively prevents information leakage during remote management. All transmitted data can be encrypted via SSH, which also prevents DNS spoofing and IP spoofing.

Another advantage of SSH is that the data it transmits is compressed, so it can speed up the transfer. SSH has many functions: it can replace Telnet and provide a secure "channel" for FTP, POP, and even PPP.

"SSH command": Under Linux, log in to the server with SSH in the following format:
ssh -l <remote server user name> <remote server IP address> -p <remote server SSH port (default 22)>

"SecureCRT using SSH2 protocol login example": Under Windows, SecureCRT 6.2 makes it easy to log in to a remote server; it supports secure login protocols such as SSH1, SSH2, and Telnet/SSL. When you first use the SSH2 protocol to establish a connection to a server, SecureCRT first checks whether the server's public key is stored in its local database. If not, it does not yet transfer your user name and password; it first fetches the server's public key (which can be fetched directly from the server, or obtained from a third party) and prompts:

The host key database does not contain a entry for the
hostname 172.16.200.244, which resolved to 172.16.200.244,
port 22. If you have received this message more
than once for 172.16.200.244, this could mean that 172.16.200.244
is a "alias" which resolves to different hosts.

It is recommended verify your host key before accepting.

Server's host key fingerprint (MD5 hash):
24:0f:36:5e:43:ad:f5:b8:1b:ae:ac:f7:9f:c2:c0:4c

When you confirm and save, SecureCRT stores the server's public key in the local public key database; you then enter the user name and password again to log in to the server securely, because this time the server's public key will be used to encrypt the user name and password. Subsequent logins and interactions will always use the server public key saved in the local database to encrypt the transfer.
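The prompt above asks you to verify the host key before accepting it. The following added example (not from the original article or from SecureCRT) shows what such a fingerprint is, a hash over the server's public key blob, and how to compare it with a fingerprint obtained out of band; the key material is constructed and the helper names are assumptions.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def constructed_line(raw_key: bytes, host: str = "172.16.200.244") -> str:
    """Build a known_hosts-style line for a constructed (not real) ed25519 key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def key_blob(line: str) -> bytes:
    """Decode the key field of a 'host keytype base64' line and sanity-check it."""
    _host, keytype, encoded = line.split()[:3]
    blob = base64.b64decode(encoded, validate=True)
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != keytype.encode("ascii"):
        raise ValueError("key type field does not match the key blob")
    return blob


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 form, the format shown in the prompt above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob: bytes) -> str:
    """Unpadded base64 SHA-256 form, the default in current OpenSSH."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_pinned(line: str, pinned: str) -> bool:
    """True only if the offered key hashes to the fingerprint obtained out of band."""
    blob = key_blob(line)
    pinned = pinned.strip()
    offered = (md5_fingerprint(blob), sha256_fingerprint(blob))
    return any(hmac.compare_digest(fp, pinned) for fp in offered)
```

A key offered by a different server (or by a "middleman") produces a different fingerprint, so matches_pinned returns False and the key should not be saved.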

"SCP Command"

SCP (Secure Copy): a Linux file transfer command

The scp command is one of the most convenient and useful commands in SSH: transferring files directly between two servers takes just one scp command. For example, as root on one server you can run # scp servername:/home/ftp/pub/file1 . to copy the file /home/ftp/pub/file1 on the other server directly to the current directory of this machine. You can also run # scp /tmp/file2 servername:/boot to send the file /tmp/file2 on this machine to the /boot directory of the other machine. The entire transfer is still encrypted with SSH.

scp is secure copy, used for remote file copying. It uses ssh(1) for the data transfer, with the same authentication method and the same security guarantees as ssh(1). Unlike rcp, scp will ask you to enter your password if necessary.

The simplest usage is as follows:

scp local_username@IP_address:filename1 remote_username@IP_address:filename2

The [local_username@IP_address:] part can be omitted; you may need to enter the password for the remote user name.

Several parameters that may be useful:

-v As with -v in most Linux commands, shows progress. Can be used to troubleshoot connection, authentication, or configuration errors.

-C Enable compression.

-P Select the port. Note that lowercase -p is already used by rcp.

-4 Force the use of IPv4 addresses.

-6 Force the use of IPv6 addresses.

-r Recursively copy entire directories.

For example:

Copy local files to a remote machine

scp /etc/lilo.conf [email protected]:/home/my

The local /etc/lilo.conf file will be copied to the user's home directory on www.upsdn.net.

=====================================================

For example:

Copy local files to a remote machine

scp /etc/lilo.conf [email protected]:/home/k

The local /etc/lilo.conf file will be copied to user k's home directory on net67.ee.oit.edu.tw.

Copy files on the remote machine to the local machine

scp [email protected]:/etc/lilo.conf /etc

Copies the /etc/lilo.conf file from net67.ee.oit.edu.tw to the local /etc directory.

Preserve the attributes of the file from the source host

scp -p [email protected]:/etc/lilo.conf /etc

Note that the user must have read permission on the remote file. To learn more about scp, see the scp manual.

ssh-keygen

Generates a public key and a private key to secure SSH connections. When ssh connects to the sshd server, the public keys are exchanged and the system checks the key stored in /etc/ssh_known_hosts; if it is found, the client uses this key to send a randomly generated session key to the server, and both ends use that session key to complete the rest of the SSH session.

It generates two files, identity.pub and identity: the private key is stored in identity and the public key in identity.pub. Next, use scp to copy identity.pub to .ssh/authorized_keys under the home directory on the remote machine (this authorized_keys file plays the same role as the rhosts file of the rhosts protocol), after which the user can log in without a password. RSA authentication is definitely more secure and reliable than rhosts authentication.

Run:

scp identity.pub [email protected]:.ssh/authorized_keys

If you do not enter a password when using ssh-keygen to generate the key pair, you can log in to linux1.ee.oit.edu.tw from net67.ee.oit.edu.tw as shown above without entering a password. The password entered here can be different from the password of the account, or you can leave it empty.
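The scp command above replaces the whole remote authorized_keys file, which discards any keys already installed there. The following added example (not from the original article) appends a key instead, skips it if it is already present, and sets the directory and file permissions; it assumes the OpenSSH one-line "keytype base64 [comment]" public key format, is meant to run on the remote machine, and the function name install_public_key is hypothetical.

```python
import os


def install_public_key(ssh_dir: str, pubkey_line: str) -> bool:
    """Append one public key to ssh_dir/authorized_keys; return True if added."""
    pubkey_line = pubkey_line.strip()
    fields = pubkey_line.split()
    if len(pubkey_line.splitlines()) != 1 or len(fields) < 2:
        raise ValueError("expected exactly one 'keytype base64 [comment]' line")

    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # keep the directory private to its owner
    path = os.path.join(ssh_dir, "authorized_keys")

    existing = ""
    if os.path.exists(path):
        with open(path, encoding="utf-8") as handle:
            existing = handle.read()

    # Same key type and key material counts as installed, whatever the comment.
    for line in existing.splitlines():
        if not line.startswith("#") and line.split()[:2] == fields[:2]:
            os.chmod(path, 0o600)
            return False

    # Create with 0600 from the start so the file is never briefly world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as handle:
        if existing and not existing.endswith("\n"):
            handle.write("\n")  # do not glue the new key onto an unterminated line
        handle.write(pubkey_line + "\n")
    os.chmod(path, 0o600)
    return True
```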

"FTP": File Transfer Protocol (FTP) is a standard set of protocols used to transfer files over a network. It belongs to the application layer of the network protocol suite.

"FTP command": ftp host

"SFTP"

SSH File Transfer Protocol, sometimes referred to as Secure File Transfer Protocol or SFTP.

It differs from SCP in that it allows the user to interrupt the transmission, and the SCP copy is slightly faster.

Specific explanations can be found at http://en.wikipedia.org/wiki/SSH_file_transfer_protocol

http://www.binghe.org/2010/03/telnet-ftp-ssh-sftp-scp/
