So, poking around on my router today, it turns out that I can set up a dynamic IP service for free that allows me to telnet/ftp or ssh/sftp into my desktop should I want to.
I set it up for ssh and sftp, and it all works splendidly. My question is, is there any reason I would want to use plain ol’ telnet/ftp versus ssh/sftp? I only have a shaky understanding of network protocols, but, from what I understand, the two are the same, with telnet/ftp being unencrypted, and the latter being encrypted. Anyone care to explain the difference and the pros and cons of both?
That is to say, right now, I have port 22 (ssh & sftp) forwarded to the target computer, but I’ve left the telnet and ftp ports unforwarded, so you can’t (to my knowledge) access them remotely. Is there any reason I’d want to forward those ports and allow telnet and ftp access?
For what purpose do you want remote access to your computer at all?
FTP and telnet are plain text protocols that are basically archaic security risks today, particularly if authentication is involved. Unless you need to use a computer or device that only supports those protocols there is no reason to enable them, and plenty of reasons not to.
SSH and SFTP are the modern standards. But nothing is perfect; there is always the chance of a security vulnerability or misconfiguration allowing someone unauthorized access to your computer.
One advantage of using a typical home NAT router is that it protects your computer from direct external access over the Internet. By bypassing that protection you are exposing yourself to some additional risk, and unless you have a very specific need that can’t be met in some other way I’d suggest not doing it. Securing an Internet-facing server these days is a pretty thankless task and it’s not something I’d take on as just a hobby.
The biggest reason I can think of to enable telnet/ftp is just to support old equipment for compatibility. We have ftp enabled on a couple of machines so that they can talk to old embedded systems that don’t have a newer or more secure way of transferring files on and off of them.
And of course the biggest reason not to enable telnet and ftp is they are BIG FREAKING UGLY SECURITY HOLES. Passwords and data are sent back and forth unencrypted, so it’s just asking for trouble if it’s not on a private network of some sort.
If you need the functionality and your systems all support the newer encrypted protocols, use those.
Because I want to access files remotely as part of my job as a photographer. Sometimes, clients contact me when I’m away from home, and it’s nice to be able to log in to my computer and access files remotely. I’ve been using screensharing and filesharing via “Back to My Mac” for years now, but it’s not been 100% reliable. It’s been mostly reliable, but not completely so. I would prefer a simple FTP-type interface, since I just need to pull files when necessary off my home server.
There is also no reason to use plain FTP. Vanilla FTP without PASV doesn’t work for most folks anyway nowadays. What are you trying to gain? If you were a photography studio accepting photos from many photographers, MAYBE it would be a reason.
Also make sure you are aware of the difference between “SFTP” and the 2 other variants which are very similar. You may find you’re not talking about what you think you are.
From what I can tell, I think I’m using SFTP. When I go to the command line, I type “sftp loginname@myname.myserver.com” and get through after I type my password.
My computer is in Chicago. I’m on vacation or traveling or whatnot in California. A client calls me and wants a photo printed/edited or whatever. Or maybe I want to start working on an album that I don’t have the pictures for locally, so I need to download 80 gigs of data. I want to be able to contact my computer and pull those files as necessary. I can usually do this via “Back To My Mac,” but sometimes the connection is flaky. I have something like 12TB of files on my server that I want access to remotely, when necessary.
If SFTP works for you, and if you have no customers that need to access your stuff directly, then you don’t need to know anything because it’s working for you.
But if you must…
SFTP - basically runs over SSH. File xfers happen over the main connection which is already established and proven. If SSH works, SFTP will too.
FTP/S - Acts like regular FTP, but client must send AUTH SSL or AUTH TLS to activate it. Has some of the same screwy things as FTP.
Third one? I’m at a loss. I may have spoken too soon in saying 3. All I’m finding are synonyms to FTP/S. This is a lot like the secure SMTP deal for sending mail, by the way. Lots of diff names for the same thing. And lots of the “same” names for different things.
At any rate, if your SSH works, your SFTP will work, and if both of those work, you have no reason in holy hell to enable anything else and you should definitely not enable regular FTP.
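Added example (not part of the original thread): the FTP/S point above, that the control channel is only protected once the client sends AUTH TLS or AUTH SSL and the server accepts it, can be checked from a client-side command log. The Python below flags sessions where USER/PASS were sent before a 234 reply; the transcripts, the account name and the `cleartext_commands` helper are constructed for illustration.

```python
# Commands whose arguments are credentials on an FTP control channel.
SENSITIVE = {"USER", "PASS", "ACCT"}

# Constructed client-side command logs ("C:" client, "S:" server), not real traffic.
PLAIN_FTP = [
    "S: 220 FTP server ready",
    "C: USER photog",
    "S: 331 Password required",
    "C: PASS example-password",
    "S: 230 Login successful",
]
FTPS_EXPLICIT = [
    "S: 220 FTP server ready",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation",
    "C: USER photog",
    "S: 331 Password required",
    "C: PASS example-password",
    "S: 230 Login successful",
]
# Server refuses AUTH TLS and the client silently falls back to plain FTP.
FTPS_REFUSED = [
    "S: 220 FTP server ready",
    "C: AUTH TLS",
    "S: 502 Command not implemented",
    "C: USER photog",
    "S: 331 Password required",
    "C: PASS example-password",
    "S: 230 Login successful",
]

def cleartext_commands(log):
    """Return the credential commands sent before TLS was accepted (names only)."""
    protected = False      # True once the server answered AUTH with 234
    auth_pending = False   # client sent AUTH, waiting for the server's reply
    exposed = []
    for line in log:
        side, _, text = line.partition(": ")
        parts = text.split()
        if not parts:
            continue
        word = parts[0].upper()
        if side == "C":
            if word == "AUTH" and len(parts) > 1 and parts[1].upper() in ("TLS", "SSL"):
                auth_pending = True
            elif word in SENSITIVE and not protected:
                exposed.append(word)   # record the command, never its argument
        elif side == "S" and auth_pending:
            protected = text[:3] == "234"   # 234 = security exchange accepted
            auth_pending = False
    return exposed
```

The third transcript is the case worth watching for: the client asked for TLS, was refused, and sent the password in the clear anyway.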
Just cable here. A couple weeks ago, I uploaded over 70GB of data to another photographer that I was working for, to his FTP server, and it took like 12-14 hours to transfer. A typical day shoot for me is around 60-100GB.
And, to clarify, I don’t want to download 12TB of files. I want to access maybe 60-100GB of files when necessary. Just the latest stuff. I have 20-30TB of stuff that is offline.
I suppose that’s reasonable. I usually consume ~12.1 gigs for a 60min Dig8 tape so 8 hours of material works out to 97 gigs. Fair enough.
If you’re willing to wait 12 hours, that’s different. Try unplugging your network cable once though and make sure your client handles it gracefully. The last thing you want is to have to start over in the morning when you see one little hiccup (storm/etc) caused it to bail overnight.
For the big uploads, nothing is that time sensitive. I do the 12-hour type uploads overnight, so it’s all the same to me. If it hiccups (and it hasn’t yet), I’ll start where it left off later. Anyhow, we’re straying a bit from the topic. I just want to know the pros/cons of the remote access protocols, and it seems there is no pro to telnet/ftp over ssh/sftp from what I can tell.
That’s just it: You may not be able to if it’s one big file. Depends on the client. And I would expect it depends on the server, although I’ve never written an SFTP server*. Don’t expect you can resume a 100GB file where you left off; you may have to start all over on that file. Certainly you can delete the partial one manually and then manually queue up the rest for upload.