----- Original Message -----
From: Matthew J. Roth
Sent: 09/09/13 04:55 PM
To: Community support for Fedora users
Subject: Re: tls
Patrick Dupre wrote:
ssh works fine. However, I have a possible explanation. This machine is behind a firewall and to be able to make ssh, I had to ask to have the ssh port open. Probably, the ftp port is closed. Should I ask to have it open to use ssl/tls? Is it port 21? or 990? How can I check the port 22 is open while the other ones are closed on the firewall (I do not have admin access to this machine).
Patrick,
Do you have a compelling reason to use FTPS? If not, SFTP provides the same functionality (encrypted file transfers) and it runs over SSH, so it should *just work* in your environment.
Yes, I know, but ssh/tls seems more secure!
Regards,
Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer
===========================================================================
 Patrick DUPRÉ                                 | | email: pdupre@gmx.com
 Laboratoire de Physico-Chimie de l'Atmosphère | |
 Université du Littoral-Côte d'Opale           | |
 Tel. (33)-(0)3 28 23 76 12                    | | Fax: 03 28 65 82 44
 189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
===========================================================================
Patrick Dupre wrote:
ssh works fine. However, I have a possible explanation. This machine is behind a firewall and to be able to make ssh, I had to ask to have the ssh port open. Probably, the ftp port is closed. Should I ask to have it open to use ssl/tls? Is it port 21? or 990? How can I check the port 22 is open while the other ones are closed on the firewall (I do not have admin access to this machine).
Matthew J. Roth wrote:
Do you have a compelling reason to use FTPS? If not, SFTP provides the same functionality (encrypted file transfers) and it runs over SSH, so it should *just work* in your environment.
Patrick Dupre wrote:
Yes, I know, but ssh/tls seems more secure!
Patrick,
Both FTPS and SFTP utilize essentially the same techniques to secure a connection and provide similar levels of security. FTPS has a slight edge when it comes to authentication, because it uses X.509 certificates while SFTP uses SSH keys. However, this is only relevant if personally verifying the authenticity of keys (e.g. issuing a key yourself or verbally confirming its fingerprint by phone) isn't sufficient and you require a CA to verify the authenticity of certificates instead.
On the other hand, SFTP is easier to administer from a network perspective since only port 22/tcp must be opened in the firewall. This is the same port used by SSH, so in many cases (including yours) it's already open.
In my opinion, FTPS is slightly less secure than SFTP because its risks (running an additional daemon and opening multiple firewall ports) outweigh its benefit (X.509 authentication). Considering that SFTP is probably already available on your computer (it's enabled by default), it's the obvious choice unless you absolutely require X.509 authentication for file transfers.
Regards,
Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer
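Patrick's question about checking, from the client side, which of ports 22, 21 and 990 get through the firewall can be answered with a short script. This is an added example, not part of the original thread; the host given on the command line is assumed to be your own server, and the function names are made up for this example.

```python
import errno
import socket
import sys

# Ports named in the thread: SSH/SFTP, FTP control (explicit FTPS), implicit FTPS.
PORTS = {22: "SSH/SFTP", 21: "FTP / explicit FTPS", 990: "implicit FTPS"}

def probe(host, port, timeout=3.0):
    """Classify a TCP port as seen from this client: open, closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed
    except ConnectionRefusedError:
        return "closed"            # RST: nothing listening, or a REJECT rule
    except socket.timeout:
        return "filtered"          # silence: typical of a firewall DROP rule
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"      # ICMP unreachable from a device on the path
        raise

def _reply(f):
    """Read one FTP reply; stop at the first 'NNN ' line (end of multi-line)."""
    while True:
        line = f.readline().decode("ascii", "replace")
        if not line or (line[:3].isdigit() and line[3:4] == " "):
            return line.strip()

def offers_auth_tls(host, port=21, timeout=3.0):
    """True if the FTP server accepts AUTH TLS (reply 234, RFC 4217)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        with s.makefile("rwb") as f:
            if not _reply(f).startswith("220"):
                return False
            f.write(b"AUTH TLS\r\n")
            f.flush()
            return _reply(f).startswith("234")

if __name__ == "__main__":
    host = sys.argv[1]             # assumption: your own server's name or address
    for port, name in PORTS.items():
        state = probe(host, port)
        print(f"{port:>4}/tcp {name:<20} {state}")
    if probe(host, 21) == "open":
        print("AUTH TLS offered on 21:", offers_auth_tls(host))
```

An open port 21 only shows that the control connection gets through; FTPS data connections use further ports, which is the "multiple firewall ports" cost mentioned above.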
On 09.09.2013 20:22, Patrick Dupre wrote:
----- Original Message -----
From: Matthew J. Roth
Sent: 09/09/13 04:55 PM
To: Community support for Fedora users
Subject: Re: tls
Patrick Dupre wrote:
ssh works fine. However, I have a possible explanation. This machine is behind a firewall and to be able to make ssh, I had to ask to have the ssh port open. Probably, the ftp port is closed. Should I ask to have it open to use ssl/tls? Is it port 21? or 990? How can I check the port 22 is open while the other ones are closed on the firewall (I do not have admin access to this machine).
Patrick,
Do you have a compelling reason to use FTPS? If not, SFTP provides the same functionality (encrypted file transfers) and it runs over SSH, so it should *just work* in your environment.
Yes, I know, but ssh/tls seems more secure!
This line makes no sense at all.
"I do not want to use SFTP because SSH which is SFTP is more secure and so I use an ftp-server not running over SSH with TLS extensions" is another wording for what you said.