On Wed, 9 Aug 2000, John Abreau wrote:
> I'm preparing to deploy openssh and sftp on all the Unix systems at work
> ... so we can shut off ftp and telnet everywhere.

  Good idea!  :-)

> I was unable to find an open-source NT client for sftp.

  SFTP is, I believe, just FTP tunneled over a forwarded SSH port.  Can
someone who has studied this confirm or deny?

> The closest I could find for a decent NT client was putty.exe and
> pscp.exe, although they only support the ssh1 protocol.  While putty
> *might* be acceptable, I doubt the NT users will go along with a
> command-line scp as their only file transfer option.

  There is a free (gratis), Open Source GUI front-end to PSCP (PuTTY's scp(1)
implementation) available:

        http://www.daplay.org/pscopy.htm

  It isn't SecureFX by any stretch of the imagination, but it is "better" than
a command line.

> On the commercial end, I checked out SecureCRT/SecureFX and F/Secure. They
> both claimed to support sftp, but on closer examination I discovered that
> they only work with the proprietary sftp2 that's bundled with F/Secure's
> ssh2 server.

  I have used SecureCRT and SecureFX successfully with OpenSSH in several
deployments.  SecureFX just worked.  I had to set a couple options for
SecureCRT to work with SSH protocol version 2.  They were:

  Protocol = ssh2
  Cipher   = RC4
  MAC      = MD5
  Auth     = Password
  Server   = Standard

> To go with this, we're looking at $5,000 in client licenses and $15,000 in
> server licenses, which I really don't want to recommend.

  Well, you don't need the server licenses, at least.  (See above.)

  And, technically, you don't need the client licenses.  There is free
(gratis) software available.  If your organization wants to spend some money
to gain some convenience, that is their choice.  If you have that many NT client
workstations, you are already hemorrhaging money in license fees, so you should
be used to it.  Sorry if that seems a bit harsh, but, if you've made the
decision to go with commercial software, then you have to pay the piper.  :-)

  I would imagine Van Dyke Software would have a site license program, too.  
That might take some of the sting out.

> One other option I found was SafeTP, which sets up a secure proxy on the
> NT machine and silently manages any outgoing ftp sessions over an
> encrypted tunnel.  The problem I have with this solution is that it
> requires a normal ftp server running on the remote host, and just acts as
> an encrypted front-end.

  I also distrust anything security-related that is not also in wide-spread
use as an open-source standard.  Who is to say that the "secure proxy" Joe
Blow whipped up on his own is *really* secure?

-- 
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18   Fax: (978)499-7839

