| 1 |
Am Sat, 29 Apr 2017 20:30:03 +0100 |
| 2 |
schrieb lee <lee@××××××××.de>: |
| 3 |
|
| 4 |
> Danny YUE <sheepduke@×××××.com> writes: |
| 5 |
> |
| 6 |
> > On 2017-04-25 14:29, lee <lee@××××××××.de> wrote: |
| 7 |
> >> Hi, |
| 8 |
> >> |
| 9 |
> >> since the usage of FTP seems to be declining, what is a replacement |
| 10 |
> >> which is at least as good as FTP? |
| 11 |
> >> |
| 12 |
> >> I'm aware that there's webdav, but that's very awkward to use and |
| 13 |
> >> missing features. |
| 14 |
> > |
| 15 |
> > What about sshfs? It allows you to mount a location that can be |
| 16 |
> > accessed via ssh to your local file system, as if you are using |
| 17 |
> > ssh. |
| 18 |
> |
| 19 |
> Doesn't that require ssh access? And how do you explain that to ppl |
| 20 |
> finding it too difficult to use Filezilla? Is it available for |
| 21 |
> Windoze? |
| 22 |
|
| 23 |
Both, sshfs and scp, require a full shell (that may be restricted but |
| 24 |
that involves configuration overhead on the server side). You can use |
| 25 |
sftp (FTP wrapped into SSH), which is built into SSH. It has native |
| 26 |
support in many Windows clients (most implementations use PuTTY in the |
| 27 |
background). It also has the advantage that you can easily restrict |
| 28 |
users on your system to SFTP-only with an easy server-side |
| 29 |
configuration. |
| 30 |
|
| 31 |
> > Also samba can be a replacement. I have a samba server on my OpenWRT |
| 32 |
> > router and use mount.cifs to mount it... |
| 33 |
> |
| 34 |
> Does that work well, reliably and securely over internet connections? |
| 35 |
|
| 36 |
It supports encryption as transport security, and it supports kerberos |
| 37 |
for secure authentication, the latter is not easy to setup in Linux, |
| 38 |
but it should work with Windows clients out-of-the-box. |
| 39 |
|
| 40 |
But samba is a pretty complex daemon and thus offers a big attack |
| 41 |
surface for hackers and bots. I'm not sure you want to expose this to |
| 42 |
the internet without some sort of firewall in place to restrict access |
| 43 |
to specific clients - and that probably wouldn't work for your scenario. |
| 44 |
|
| 45 |
But you could offer access via OpenVPN and tunnel samba through that. |
| 46 |
By that time, you can as easily offer FTP, too, through the tunnel |
| 47 |
only, as there should be no more security concerns now: It's encrypted |
| 48 |
now. OpenVPN also offers transparent compression which can be a big |
| 49 |
plus for your scenario. |
| 50 |
|
| 51 |
OpenVPN is not too difficult to setup, and the client is available for |
| 52 |
all major OSes. And it's not too complicated to use: Open VPN |
| 53 |
connection, then use your file transfer client as you're used to. Just |
| 54 |
one simple extra step. |
| 55 |
|
| 56 |
|
| 57 |
-- |
| 58 |
Regards, |
| 59 |
Kai |
| 60 |
|
| 61 |
Replies to list-only preferred. |
Archives