tls
Patrick Dupre
pdupre at gmx.com
Mon Sep 9 22:01:10 UTC 2013
> ----- Original Message -----
> From: Matthew J. Roth
> Sent: 09/09/13 11:24 PM
> To: Community support for Fedora users
> Subject: Re: tls
>
> >>> Patrick Dupre wrote:
> >>>
> >>> ssh works fine. However, I have a possible explanation.
> >>> This machine is behind a firewall and to be able to make ssh, I
> >>> had to ask to have the ssh port open. Probably, the ftp port is
> >>> closed. Should I ask to have it open to use ssl/tls?
> >>> Is it port 21? or 990? how can I check the port 22 is open
> >>> while the other ones are closed on the firewall (I do not have
> >>> admin access to this machine).
> >>
> >> Matthew J. Roth wrote:
> >>
> >> Do you have a compelling reason to use FTPS? If not, SFTP provides the same
> >> functionality (encrypted file transfers) and it runs over SSH, so it should
> >> *just work* in your environment.
> >
> > Patrick Dupre wrote:
> >
> > Yes, I know, but ssh/tls seems more secure!
Thanks, Matthew.
I probably need to learn more about how to use sftp to have the most secure
transfers using my own key.
>
> Patrick,
>
> Both FTPS and SFTP utilize essentially the same techniques to secure a
> connection and provide similar levels of security. FTPS has a slight edge
> when it comes to authentication, because it uses X.509 certificates while SFTP
> uses SSH keys. However, this is only relevant if personally verifying the
> authenticity of keys (e.g. issuing a key yourself or verbally confirming its
> fingerprint by phone) isn't sufficient and you require a CA to verify the
> authenticity of certificates instead.
>
> On the other hand, SFTP is easier to administer from a network perspective
> since only port 22/tcp must be opened in the firewall. This is the same port
> used by SSH, so in many cases (including yours) it's already open.
>
> In my opinion, FTPS is slightly less secure than SFTP because its risks (running
> an additional daemon and opening multiple firewall ports) outweigh its benefit
> (X.509 authentication). Considering that SFTP is probably already available on
> your computer (it's enabled by default), it's the obvious choice unless you
> absolutely require X.509 authentication for file transfers.
>
> Regards,
>
> Matthew Roth
> InterMedia Marketing Solutions
> Software Engineer and Systems Developer
===========================================================================
Patrick DUPRÉ | | email: pdupre at gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================