Dale Anderson wrote:
> Please find below some questions we have around testing SFTP file transfers
> via JSCH:
> 
> 1. Is there a way to test that the file transfer is indeed happening via
> sftp (secure channel)

JSch's ChannelSftp can't upload files in any other way than SFTP.

The connection (session) is encrypted by default.
You would have to use some special options (i.e. use "none" encryption)
and the server would have to accept this, for disabling encryption.

Another way to attack could be a fake crypto provider doing strange
stuff instead of the real encryption (etc.) - but then the attacker
would additionally have to attack the network and intercept the
messages, as the server would not normally understand this.
Normally, if the attacker can modify your crypto providers, he has
easier ways to get your data than attacking the SSH connection.

> 2. Is there a maximum filesize per file transfer that is recommended  (so
> that I can test the worst case scenario)?

The file offsets are transmitted as 64-bit integers (i.e. long values).
Maybe only positive ones ... this would be 2^63-1 for a maximum file
size. I don't think you want to test this, as it is likely more than you
have space on your server.  Test with some realistic file sizes, and
with some sizes quite a bit larger than you would ever want to transfer.

You should rekey after about each gigabyte of data, to avoid some
attacks from data analysis.  (I'm not sure if JSch or the ChannelSftp
does this automatically, maybe it should.)

> 3. Is there maximum nr. of connections that is recommended (so that I can
> test the worst case scenario)?

Do you mean channels in a session, or uploads in a channel?

I think there is no practical limit imposed by the protocol or by JSch
for both. Of course, some servers might have some limits here.

Channels in a session are identified by 32-bit numbers.

Open files (for upload/download) in a SFTP channel are identified by
opaque identifying strings issued by the server. These can have any length.


Paŭlo

_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
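
Added example, not part of the original mail and not JSch code: one way to test the point from answer 1, that encryption is only off when the client offers "none" and the server accepts it. It parses the SSH_MSG_KEXINIT payloads both sides send in cleartext (RFC 4253, section 7.1) and applies the protocol's selection rule; the payloads below are constructed samples, and `build_kexinit` is a hypothetical helper used only to make them.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}          # skip message type + 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists

def negotiate(client: list, server: list) -> str:
    """First name on the client's list that the server also offers."""
    for name in client:
        if name in server:
            return name
    raise ValueError("no common algorithm")

def negotiated_ciphers(client_payload: bytes, server_payload: bytes) -> tuple:
    c, s = parse_kexinit(client_payload), parse_kexinit(server_payload)
    return tuple(negotiate(c[f], s[f]) for f in ("enc_c2s", "enc_s2c"))

def is_encrypted(client_payload: bytes, server_payload: bytes) -> bool:
    return "none" not in negotiated_ciphers(client_payload, server_payload)

def build_kexinit(enc: str) -> bytes:
    """Constructed sample payload; the same cipher list is used both ways."""
    names = ["diffie-hellman-group14-sha256", "ssh-ed25519", enc, enc,
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(n)) + n.encode("ascii") for n in names)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed samples: a default client, a client that prefers "none",
# a server that refuses "none" and a server that accepts it.
CLIENT_DEFAULT = build_kexinit("aes128-ctr,aes256-ctr")
CLIENT_NONE = build_kexinit("none,aes128-ctr")
SERVER_STRICT = build_kexinit("aes256-ctr,aes128-ctr")
SERVER_LAX = build_kexinit("aes128-ctr,none")
```

Only the pair where the client lists "none" and the server also offers it ends up unencrypted; a test suite can assert `is_encrypted(...)` on payloads taken from a capture of the real handshake.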
