1 |
Am Sat, 29 Apr 2017 20:30:03 +0100 |
2 |
schrieb lee <lee@××××××××.de>: |
3 |
|
4 |
> Danny YUE <sheepduke@×××××.com> writes: |
5 |
> |
6 |
> > On 2017-04-25 14:29, lee <lee@××××××××.de> wrote: |
7 |
> >> Hi, |
8 |
> >> |
9 |
> >> since the usage of FTP seems to be declining, what is a replacement |
10 |
> >> which is at least as good as FTP? |
11 |
> >> |
12 |
> >> I'm aware that there's webdav, but that's very awkward to use and |
13 |
> >> missing features. |
14 |
> > |
15 |
> > What about sshfs? It allows you to mount a location that can be |
16 |
> > accessed via ssh to your local file system, as if you are using |
17 |
> > ssh. |
18 |
> |
19 |
> Doesn't that require ssh access? And how do you explain that to ppl |
20 |
> finding it too difficult to use Filezilla? Is it available for |
21 |
> Windoze? |
22 |
|
23 |
Both, sshfs and scp, require a full shell (that may be restricted but |
24 |
that involves configuration overhead on the server side). You can use |
25 |
sftp (FTP wrapped into SSH), which is built into SSH. It has native |
26 |
support in many Windows clients (most implementations use PuTTY in the |
27 |
background). It also has the advantage that you can easily restrict |
28 |
users on your system to SFTP-only with an easy server-side |
29 |
configuration. |
30 |
|
31 |
> > Also samba can be a replacement. I have a samba server on my OpenWRT |
32 |
> > router and use mount.cifs to mount it... |
33 |
> |
34 |
> Does that work well, reliably and securely over internet connections? |
35 |
|
36 |
It supports encryption as transport security, and it supports kerberos |
37 |
for secure authentication, the latter is not easy to setup in Linux, |
38 |
but it should work with Windows clients out-of-the-box. |
39 |
|
40 |
But samba is a pretty complex daemon and thus offers a big attack |
41 |
surface for hackers and bots. I'm not sure you want to expose this to |
42 |
the internet without some sort of firewall in place to restrict access |
43 |
to specific clients - and that probably wouldn't work for your scenario. |
44 |
|
45 |
But you could offer access via OpenVPN and tunnel samba through that. |
46 |
By that time, you can as easily offer FTP, too, through the tunnel |
47 |
only, as there should be no more security concerns now: It's encrypted |
48 |
now. OpenVPN also offers transparent compression which can be a big |
49 |
plus for your scenario. |
50 |
|
51 |
OpenVPN is not too difficult to setup, and the client is available for |
52 |
all major OSes. And it's not too complicated to use: Open VPN |
53 |
connection, then use your file transfer client as you're used to. Just |
54 |
one simple extra step. |
55 |
|
56 |
|
57 |
-- |
58 |
Regards, |
59 |
Kai |
60 |
|
61 |
Replies to list-only preferred. |