ssh is encrypted so the actual data going between two boxes is binary. In some respects the whole binary/text thing has gone away as very few data formats can live with just ascii characters, so sftp defaults to binary. In reality the text mode of FTP was just a cheat to save on how much data was sent. Why send the full 8 bits when you can get away with only 7 for text? Not so much these days.

You only need to port forward (poke a firewall hole) for 22 to make both sftp and ssh work.

As far as OSX goes, ssh and sftp are turned on with the Remote Login setting. I've never heard of somebody turning on just one or the other but it's probably doable, just not from the GUI. There is an old (2007) discussion on this here: http://hints.macworld.com/article.php?story=2007110914083783

Not sure using some random port for sftp is much of an advantage as your users will all have to have this advanced knowledge to get in. Nice thing is that if you're doing this through your firewall you could map port 3141 on the public side to 22 on the Mac's side and not have to do anything special on the Mac. At least I'm assuming so since I've never tried that. How much trouble you put users through depends on the value of what's on that server. If you really want people to upload in a controlled way you might be better off just setting up a web page with an upload button and form submit handler.

I've never had to fiddle with the user's shell. OSX defaults to bash.

You could make a link from your shared folder of stuff you want users to access to their account directory. Then it will be right where they are dropped. Default is to drop folks into the /Users/shortname folder where shortname is the shortened username created when the account was set up in Users & Groups.

I suspect ftp is a legacy username which probably isn't used for anything these days but needs to be there in case some other software needs it sometime.

CB

On 6/6/13 8:48 AM, Paul Erkens wrote:
Dear geeks on here,

After doing some research, I understand that I can host my own SFTP server on 
my mac. To do this is a bit of a challenge, and I have a couple of questions in 
advance that you may know the answers to.

1. As I understand it, SFTP is a protocol that runs inside, or over, SSH. All 
I've seen from SSH, is that it is a nice way to terminal into another mac. How 
can SFTP be done over a back and forth text connection? FTP is mostly binary, 
at least almost always for file transfers. Clearly, I'm still missing some 
basics here.

2. Is it true that SSH and SFTP both use, and only use, port 22 on the 
listening server? In other words, do I need to forward other ports besides 22?

3. Can I have one without the other? In other words: if I need an SFTP server 
to function, can I still prevent folks from logging in, to do terminal like 
things over ssh? I'm asking because, if you turn on remote login from within 
the sharing item of system preferences, then not only do you turn on SFTP, but 
also SCP and regular SSH.
Using telnet or in this case its secure version ssh, someone could go virtually 
anywhere. Using SFTP however, I can restrict which folders other users see. I'm 
still piecing the concept together in my mind. Is it possible to run an SFTP 
service while blocking regular SSH terminal sessions out?

4. Is it a good idea to choose a different listening port on my router, that 
other users can SFTP into? Usually it is 22, but to obscure the SFTP server a 
bit, I could choose another listening port, correct? Are there any technical 
disadvantages that I should keep in mind when choosing an alternative incoming 
SFTP port?

5. An interesting part. To allow a user to do SFTP, and this is what I don't 
understand, I need to go into the user's advanced options, and then set the 
user shell to /bin/bash. Why should I do this at all? I want them to SFTP, I 
don't want them to do SSH commands. So first, what means /usr/bin/false and why 
does it need to point to bash instead?

6. I also need to set the user's home directory. I have a lot of stuff to 
offer, but if I gave each user his or her own home directory, then how do they 
get to my files repository from there, once they are logged in?

7. There is a reserved username called ftp. What is this being used for, and 
what if a random user attempts this as a username on my system?

Hoping for answers.

Kind regards,
Paul.


--
¯\_(ツ)_/¯

--
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
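Added example (not part of CB's reply or Paul's message): the OpenSSH sshd configuration that answers questions 3, 5 and 6 in one go, i.e. users who can only do SFTP, see only a jailed directory tree, and have no login shell at all. macOS ships OpenSSH, so the same sshd_config directives apply; the group name sftponly, the chroot root /Users/Shared/sftp, the sample user and the config path are assumptions for this example and should be adjusted to your system. One caveat worth knowing before copying CB's symlink idea into this setup: once a user is chrooted, a link that points outside the jail cannot be resolved, so the shared repository has to live inside the chroot root (here as repository/).

```shell
#!/bin/sh
# Added example: SFTP-only, chrooted users under OpenSSH sshd on a Mac.
# Names below are assumptions, not anything from the thread.

SFTP_GROUP="sftponly"               # assumed group name
SFTP_ROOT="/Users/Shared/sftp"      # assumed chroot root (root-owned, not group/world writable)
SSHD_CONFIG="/etc/ssh/sshd_config"  # older OS X releases used /etc/sshd_config; adjust

# Print the Match block. Members of group $1 are forced into sshd's in-process
# SFTP server (no shell, no scp, no forwarding) and jailed under $2.
# Match blocks extend to end of file, so this is appended, never inserted mid-file.
sftp_only_match_block() {
    group="$1"; root="$2"
    cat <<EOF

# --- SFTP-only users ---
Match Group $group
    ChrootDirectory $root
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# sshd refuses a ChrootDirectory unless the directory is owned by root and is
# not writable by group or others. Exit 0 = ok, 1 = missing, 2 = writable, 3 = not root.
chroot_dir_ok() {
    dir="$1"
    [ -d "$dir" ] || return 1
    set -- $(ls -ld "$dir")          # $1 = mode string (drwxr-xr-x), $3 = owner
    mode="$1"; owner="$3"
    case "$mode" in
        ?????w*|????????w*) return 2 ;;   # group-write (pos 6) or other-write (pos 9)
    esac
    [ "$owner" = "root" ] || return 3
    return 0
}

# The requirement applies to every path component, so walk up to /.
chroot_path_ok() {
    p="$1"
    while [ "$p" != "/" ]; do
        chroot_dir_ok "$p" || return $?
        p=$(dirname "$p")
    done
    return 0
}

# One-time setup for one user; needs sudo. Nothing above calls this.
setup_sftp_only_user() {
    user="$1"
    # Group via macOS directory services, then the user into it.
    dseditgroup -o read "$SFTP_GROUP" >/dev/null 2>&1 || sudo dseditgroup -o create "$SFTP_GROUP"
    sudo dseditgroup -o edit -a "$user" -t user "$SFTP_GROUP"
    # No login shell, so an sshd misconfiguration still does not give a terminal.
    sudo dscl . -create "/Users/$user" UserShell /usr/bin/false
    # Jail layout: root-owned top level the user cannot write to, a shared
    # read-only repository, and a private 0700 drop box per user.
    sudo mkdir -p "$SFTP_ROOT/repository" "$SFTP_ROOT/incoming/$user"
    sudo chown root:wheel "$SFTP_ROOT" "$SFTP_ROOT/incoming"
    sudo chmod 0755 "$SFTP_ROOT" "$SFTP_ROOT/incoming"
    sudo chown "$user:staff" "$SFTP_ROOT/incoming/$user"
    sudo chmod 0700 "$SFTP_ROOT/incoming/$user"
    chroot_path_ok "$SFTP_ROOT" || { echo "chroot path permissions wrong" >&2; return 1; }
}

# Switch the sftp subsystem to internal-sftp (a chrooted user has no
# /usr/libexec/sftp-server inside the jail) and append the Match block.
install_sshd_block() {
    sudo sed -i '' 's|^Subsystem[[:space:]]\{1,\}sftp[[:space:]].*|Subsystem sftp internal-sftp|' "$SSHD_CONFIG"
    sftp_only_match_block "$SFTP_GROUP" "$SFTP_ROOT" | sudo tee -a "$SSHD_CONFIG" >/dev/null
    sudo sshd -t -f "$SSHD_CONFIG"   # syntax check before reloading
    # Then toggle Remote Login off/on in Sharing, or:
    # sudo launchctl unload -w /System/Library/LaunchDaemons/ssh.plist && sudo launchctl load -w ...
}

# Usage on the Mac:  setup_sftp_only_user alice && install_sshd_block
# Client side, if the router maps public 3141 to 22:  sftp -P 3141 alice@your.host
# (note sftp takes -P, capital, while ssh takes -p).
```

With this in place an `ssh alice@host` attempt is accepted by sshd, handed to internal-sftp by ForceCommand, and dropped because a terminal client cannot speak the SFTP protocol, while `sftp alice@host` lands at the jail root and sees only repository/ and incoming/. The permission checker is deliberately strict because the single most common failure of this setup is a chroot root that is user-owned or group-writable, which sshd reports only in its log as a "bad ownership or modes" error.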

