[BlueOnyx:16163] Re: secure ftp (over ssh)

Michael Stauber mstauber at blueonyx.it
Mon Oct 13 18:23:20 -05 2014


Hi Maurice,

> As I understand BX supports SFTP out of the box (secure ftp
> over ssh), correct?
> 
> I can only get it to work if the user that wants to log in by FTP has 
> shell access enabled. Is that correct? Because I'd rather not 
> give him shell access.

The problem here is also one of definition, as the expression "SFTP" is
often used for different purposes and involves different technical
approaches.

SFTP may refer to:

1.) SSH File Transfer Protocol, a network protocol for secure file
transfer over secure shell.

2.) FTP over SSH, the practice of tunneling an unencrypted File Transfer
Protocol session over SSH.

3.) FTP over SSL, an extension to the (by itself) unsecured FTP protocol.

In itself it is possible to use all three methods with BlueOnyx. But
actually "built in", configurable over the GUI and ready to use are
option #1 and option #3.

Option #1: Works over SSH. So SSH must be active. It must accept
password authentication (or the user must have SSH keys set up) *and*
the user *must* have shell access enabled on the server. If that is the
case, he can use either SFTP or SCP or can login directly via SSH. Which
- in most usage cases - is *not* desirable.

Option #3: If FTPS is enabled in the GUI, then FTP over SSL will be
enabled and runs on port 990. In that case any user with FTP access can
connect to FTP on port 990 over an SSL encrypted FTP session. Shell
access is not required. FTP clients with FTPS support often ask if the
connection is supposed to be "explicit" or "implicit". FileZilla does
this for example. Choose "explicit".

As with all SSL connections: If the SSL certificate for the site in
question (or the SSL certificate for the server itself) is self-signed,
then most FTPS clients will ask you to confirm that this SSL certificate
is trustworthy.

-- 
With best regards

Michael Stauber
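
Added example, not part of the original post and not BlueOnyx code: instead of confirming a self-signed certificate by hand on every connect, a scripted FTPS client can pin the certificate's SHA-256 fingerprint and refuse to send the password on a mismatch. The function names are hypothetical, the host, credentials and pinned value are supplied by the caller, and port 990 with explicit mode is taken from the post above.

```python
import hashlib
import hmac
import ssl
from ftplib import FTP_TLS


def normalize_fingerprint(text):
    """Accept colon- or space-separated hex in any case; return lowercase hex."""
    return "".join(ch for ch in text.lower() if ch in "0123456789abcdef")


def cert_matches_pin(der_cert, pinned_sha256):
    """True if the SHA-256 of the DER certificate equals the pinned value."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_sha256))


def ftps_list(host, user, password, pinned_sha256, port=990):
    """Explicit FTPS login that sends credentials only after the server
    certificate has matched the pinned fingerprint."""
    # A self-signed certificate cannot pass CA validation, so chain checks
    # are switched off and replaced by the pin comparison below.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    ftps = FTP_TLS(context=ctx, timeout=15)
    ftps.connect(host, port)
    try:
        ftps.auth()  # AUTH TLS: upgrades the control channel
        der = ftps.sock.getpeercert(binary_form=True)
        if not der or not cert_matches_pin(der, pinned_sha256):
            raise ssl.SSLError("server certificate does not match pinned fingerprint")
        ftps.login(user, password)  # sent only after the pin check passed
        ftps.prot_p()               # encrypt the data channel as well
        return ftps.nlst()
    finally:
        ftps.close()
```

The pinned value should be obtained out of band, for example read from the certificate on the server itself, not copied from the first connection's trust prompt.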


