Hi all.

I hope you are not getting confused with Secure FTP which is called SFTP? SSH 
uses encryption between the server and client to hide all data. You can use SSH 
to copy files from one machine to another using SCP.

SFTP uses a different port than SSH. I would have to look up the protocol list 
to find it out. Standard FTP uses port 21 and 20 from memory. I think SFTP uses 
96 but not 100% sure. Anyway, FTP or SFTP uses ASCII or Binary mode.

I hope this clears up things. 

Sean 
On 07/06/2013, at 1:24 AM, Chris Blouch <[email protected]> wrote:

> ssh is encrypted so the actual data going between two boxes is binary. In 
> some respects the whole binary/text thing has gone away as very few data 
> formats can live with just ascii characters, so sftp defaults to binary. In 
> reality the text mode of FTP was just a cheat to save on how much data was 
> sent. Why send the full 8-bits when you can get away with only 7 for text? 
> Not so much these days.
> 
> You only need to port forward (poke a firewall hole) for 22 to make both sftp 
> and ssh work.
> 
> As far as OSX goes, ssh and sftp are turned on with the Remote Login setting. 
> I've never heard of somebody turning on just one or the other but it's 
> probably doable, just not from the GUI. There is an old (2007) discussion on 
> this here: http://hints.macworld.com/article.php?story=2007110914083783
> 
> Not sure using some random port for sftp is much of an advantage as your 
> users will all have to have this advanced knowledge to get in. Nice thing is 
> that if you're doing this through your firewall you could map port 3141 on 
> the public side to 22 on the Mac's side and not have to do anything special 
> on the Mac. At least I'm assuming so since I've never tried that. How much 
> trouble you put users through depends on the value of what's on that server. 
> If you really want people to upload in a controlled way you might be better 
> off just setting up a web page with an upload button and form submit handler.
> 
> I've never had to fiddle with the user's shell. OSX defaults to bash.
> 
> You could make a link from your shared folder of stuff you want users to 
> access to their account directory. Then it will be right where they are 
> dropped. Default is to drop folks into the /Users/shortname folder where 
> shortname is the shortened username created when the account was set up in 
> Users & Groups.
> 
> I suspect ftp is a legacy username which probably isn't used for anything 
> these days but needs to be there in case some other software needs it 
> sometime.
> 
> CB
> 
> On 6/6/13 8:48 AM, Paul Erkens wrote:
>> Dear geeks on here,
>> 
>> After doing some research, I understand that I can host my own SFTP server 
>> on my mac. To do this is a bit of a challenge, and I have a couple of 
>> questions in advance that you may know the answers to.
>> 
>> 1. As I understand it, SFTP is a protocol that runs inside, or over, SSH. 
>> All I've seen from SSH, is that it is a nice way to terminal into another 
>> mac. How can SFTP be done over a back and forth text connection? FTP is 
>> mostly binary, at least almost always for file transfers. Clearly, I'm still 
>> missing some basics here.
>> 
>> 2. Is it true that SSH and SFTP both use, and only use, port 22 on the 
>> listening server? In other words, do I need to forward other ports besides 
>> 22?
>> 
>> 3. Can I have one without the other? In other words: if I need an SFTP 
>> server to function, can I still prevent folks from logging in, to do 
>> terminal like things over ssh? I'm asking because, if you turn on remote 
>> login from within the sharing item of system preferences, then not only do 
>> you turn on SFTP, but also SCP and regular SSH.
>> Using telnet or in this case its secure version ssh, someone could go 
>> virtually anywhere. Using SFTP however, I can restrict which folders other 
>> users see. I'm still piecing the concept together in my mind. Is it possible 
>> to run an SFTP service while blocking regular SSH terminal sessions out?
>> 
>> 4. Is it a good idea to choose a different listening port on my router, that 
>> other users can SFTP into? Usually it is 22, but to obscure the SFTP server 
>> a bit, I could choose another listening port, correct? Are there any 
>> technical disadvantages that I should keep in mind when choosing an 
>> alternative incoming SFTP port?
>> 
>> 5. An interesting part. To allow a user to do SFTP, and this is what I don't 
>> understand, I need to go into the user's advanced options, and then set the 
>> user shell to /bin/bash. Why should I do this at all? I want them to SFTP, I 
>> don't want them to do SSH commands. So first, what does /usr/bin/false mean and 
>> why does it need to point to bash instead?
>> 
>> 6. I also need to set the user's home directory. I have a lot of stuff to 
>> offer, but if I gave each user his or her own home directory, then how do 
>> they get to my files repository from there, once they are logged in?
>> 
>> 7. There is a reserved username called ftp. What is this being used for, and 
>> what if a random user attempts this as a username on my system?
>> 
>> Hoping for answers.
>> 
>> Kind regards,
>> Paul.
>> 
> 
> -- 
> ¯\_(ツ)_/¯
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "MacVisionaries" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/macvisionaries?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
> 
> 
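
An added example, not part of any message in this thread: an sshd_config fragment for Paul's question 3, allowing SFTP while refusing terminal sessions for selected accounts. The group name `sftponly` and the directory under `/Users/Shared` are assumptions made for illustration.

```conf
# Added example. Group name and paths are hypothetical.

# sshd serves shell, scp and sftp sessions on its one listening port.
Port 22

# Use the SFTP server built into sshd so no helper binary is needed
# inside the chroot. This replaces any existing "Subsystem sftp" line;
# sshd rejects a config that defines the subsystem twice.
Subsystem sftp internal-sftp

# Accounts in this group get file transfer only.
Match Group sftponly
    # Whatever the client requests (shell, scp, a remote command),
    # sshd runs the SFTP server instead.
    ForceCommand internal-sftp
    # Confine the session to one tree; %u expands to the user name.
    # Every component of this path must be owned by root and not
    # writable by group or others, otherwise sshd refuses the login.
    ChrootDirectory /Users/Shared/sftp/%u
    # Keep the account from being used as a tunnel.
    AllowTcpForwarding no
    X11Forwarding no
```

Run `sshd -t` as root to check the file for syntax errors before restarting the service.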
