Telnet/FTP vs SSH/SFTP

Correct. There is zero, nada, no reason to enable regular FTP if you are the only uploader and can use SSH. Question answered there. There are no cons to SSH/SFTP except incompatibility for people who are stuck in the 80’s like me. And even I use SSH. Use SFTP with confidence.

If you use ssh, turn off password authentication and enable public key authentication instead. It will prevent brute force password attacks and secure your Mac much, much better. It’s also extremely convenient not to have to type passwords, especially if you eventually start to write scripts that use ssh or rsync via ssh.

There are countless tutorials returned via Google, so I won’t bother to link to any one in particular, but it’s really easy.
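As an added example (not part of the original posts), here is one way to verify that password logins really are off after editing `sshd_config`. The function name `audit_sshd` and both sample configs are constructed for illustration; the check covers only the global section (it stops at the first `Match` block and does not follow `Include`).

```shell
# Added example: check sshd_config text on stdin for remaining password logins.
# Returns 0 when only public-key login is possible, 1 otherwise.
audit_sshd() {
  awk '
    BEGIN { pw = "yes"; kbd = "yes"; pk = "yes" }    # OpenSSH built-in defaults
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments and blank lines
    {
      sub(/[ \t]*=[ \t]*/, " ")                      # accept "Keyword=value" too
      key = tolower($1); val = tolower($2)           # keywords are case-insensitive
      if (key == "match") exit                       # simplification: global section only
      if (key == "challengeresponseauthentication")  # deprecated alias
        key = "kbdinteractiveauthentication"
      if (seen[key]++) next                          # sshd keeps the FIRST value per keyword
      if (key == "passwordauthentication") pw = val
      if (key == "kbdinteractiveauthentication") kbd = val
      if (key == "pubkeyauthentication") pk = val
    }
    END {
      bad = 0
      if (pw != "no")  { print "FAIL PasswordAuthentication=" pw; bad = 1 }
      if (kbd != "no") { print "FAIL KbdInteractiveAuthentication=" kbd; bad = 1 }
      if (pk != "yes") { print "FAIL PubkeyAuthentication=" pk; bad = 1 }
      if (!bad) print "OK key-only login"
      exit bad
    }'
}

# Constructed sample: the hardening lines were appended below an earlier "yes".
SAMPLE_WEAK='PasswordAuthentication yes
PubkeyAuthentication yes
# hardening appended later, but the first PasswordAuthentication line wins
PasswordAuthentication no
KbdInteractiveAuthentication no'

# Constructed sample: password and keyboard-interactive logins both disabled.
SAMPLE_HARD='PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || echo "password logins still possible"
printf '%s\n' "$SAMPLE_HARD" | audit_sshd
```

On a real machine, pipe in the effective configuration from `sudo sshd -T` rather than the file itself, since that output already accounts for included files and defaults.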

I agree with the above. I would like to add the only reason to use FTP is when SFTP isn’t supported. The only example that comes to mind is there are document scanners which support FTP, but not SFTP.

The history and still common use for FTP is for FTP anonymous websites, such as to download software for certain products. Although many of those kinds of sites have gone away.

In summary:

SFTP is secure over using FTP.
ssh is secure over using telnet.

Take a look at rsync, it might be able to resume transferring a big file from where it left off.

No. SFTP is a file transfer protocol, but not THE classic, RFC’d, “FTP”.

SFTP is a part of SSH protocol, and does file transfer in the same way as scp does.

Classic old FTP had a bizarre use of ports… well a newer protocol is designed to use OOB rather than a separate port…

And for completeness, SCP is secure copy.

This is also a good protocol to use - it just uses the already established ssh connection to tunnel the copy.

One additional thing you can do is use an alternative port (some random number between 1025 and 65534 that you can remember) on the internet side of your router, so port scanners don’t hit port 22 and automatically start trying to login via ssh. I will be clear, this doesn’t add much more security, but it does make the open port slightly harder to spot (the time difference between scanning a few known ports and all possible ports is fairly large, although there are some very fast port-scanners out there), and the open port then has to be tested to see what protocol it is, increasing the likelihood of detection by an intrusion system.

And to be clear, you will be port-scanned.

Thanks. I will look into that. The main reason I was wondering about the FTP side of things is that most of the places I upload files to (like my website and to certain photo hosting and processing sites) use FTP, and I wasn’t sure if there was a reason why FTP would be used over SFTP. I’ve used SSH before but, honestly, any place I’ve needed to FTP into has been vanilla FTP from what I could tell (port 21, simple “ftp” from the command line), and I was wondering if I was missing something.

English is such a rich language. The word “over” here leads to ambiguity.

FTP/S is a secure channel “over FTP”. (as in “on top of” on the protocol level)
SFTP is secure “over FTP” (meaning “more secure”)

Take your pick.

Thanks. I was briefly wondering about that, too, whether I should change the default port 22 to a five-digit port number that only I would know. (That is, minus port scanners that would figure it out eventually.)

Alternatively to uploading files to a remote/cloud storage you could use services like TeamViewer.

It’s required that your PC is turned on at home and connected to the internet.

You can remote control your PC or just copy files from your PC to your portable device via the inbuilt file transfer system.

Just make sure that you use a secure password, don’t share it and change it regularly, esp. if you use 3rd party devices.

Thanks. I do actually have Team Viewer installed, and I use Screen Sharing via Back To My Mac (or whatever they call it these days) when I need graphical access to my computer (but, like I said, sometimes the connection can be flaky, although it seems to have gotten better over the last few years.) I just wanted a lightweight FTP-like solution, as I can also pull up photos or documents and browse my computer via my phone or tablet’s SFTP client should I ever need to. I know there are cloud-based ways of doing this, but I find it nice to have direct access to my machine, as long as the security concerns are relatively mild.

Sure, but why open up your system to all sorts of security issues when you can just use the file browser in TeamViewer?
It’s basically a much more secure version of the ftp solution you are looking for.

How much of a security risk is ssh and sftp? Is there anything I should do to bolt it down more?

It’s just as strong/weak as your password. No more insecure than any site you may have an account with. If you really wanted to, you could limit the IPs from which logins are allowed, but then you wouldn’t be able to access your stuff from the road.

Somehow I don’t think somebody’s going to take the time to brute force a login just to sneak a glimpse of some wedding photos. Now if you’re a noodie photographer, that’s another matter altogether.

That’s what I figured. I’m not really worried about anyone wanting to break in for any reason. Just want to make sure I’m not missing something obvious.

Another thought if you’re flexible about your FTP client is Interarchy. It can act just like an FTP client over ssh and you won’t have to set up some type of ftp service on your Mac.

If you prefer the command line (it sounds like this may be the case), then also consider installing lftp. It has great features like mirroring and handles multi-segment file transfers very easily. This latter may not be important if you’re not throttling ftp on your own Mac, but it’s awesome for connecting to VPS and the like that may limit ftp traffic throughput.