Education needed: ftp with SSL versus ftps - is there a difference?

I have a certificate on my host. I have a client that is establishing a full (control and data) SSL connection with that host. Over that connection I can transfer a file in either direction.

Is this equivalent to using ftps, or is there some additional benefit to using ftps versus ftp with SSL?

(I hope that question makes sense)

ftp is simply the file transfer protocol.
ftps is the same wrapped in SSL.
and sftp is file transfer over ssh.

for my tools I prefer to use sftp.

[quote=172278:@Christian Schmitz]ftps is the same wrapped in SSL.
[/quote]

So, does that mean it is valid to use SSL with an ftp://… destination (not ftps://…)? When I write to an ftps://… destination it wants to use a different port on the host, and I don’t know if that is important for security purposes.

[quote=172278:@Christian Schmitz]for my tools I prefer to use sftp.

[/quote]
Do you prefer this because you feel it is more secure?

it just works fine with CURL Plugin. And with SSH I don’t need to worry about higher ports like for FTP.
And SSL certification trouble is not there.

[quote=172282:@Christian Schmitz]it just works fine with CURL Plugin. And with SSH I don’t need to worry about higher ports like for FTP.
And SSL certification trouble is not there.[/quote]
OK. Trying to get what I think is sftp to work.

  • I am able to establish normal ftp communication with a “ftp://” url.
  • I am able to establish an SSH FTP communication with an FTP client program, where I provide public/private key pair for my server and I use an “ftps://” url.
  • Using CURLSMBS, every time I use a “sftp://” url I get an error code 78 (REMOTE FILE NOT FOUND).
  • Looking at the CURLSMBS example for sftp, there appears to be no security parameters called out anywhere (other than username:password) - (no ssl, no certificates, etc.). All that seems to be specified to indicate sftp is the “sftp://” url. Am I missing something?

Bottom line - how do I implement sftp? or why am I getting a code 78 error when I use the sftp:// url?

I guess the most clear 1st question is this: do I need to use the "sftp://" url in order to achieve an sftp transfer?

For CURL it’s sftp:// URL to indicate you want SSH file transfer.

For key files, you can use OptionSSHPrivateKeyfile and OptionSSHPublicKeyfile to store the file path to the key files.

With error 78, maybe URL is wrong?

[quote=176342:@Christian Schmitz]For CURL it’s sftp:// URL to indicate you want SSH file transfer.

For key files, you can use OptionSSHPrivateKeyfile and OptionSSHPublicKeyfile to store the file path to the key files.

With error 78, maybe URL is wrong?[/quote]
I have successfully communicated via SSL to “ftp://myurlpath”, and I am using same myurlpath for CURL, except the ‘sftp’ prefix: “sftp://myurlpath”. Is CURLSMBS actually using the sftp: prefix to communicate to the server, or is it removing the initial ‘s’ prior to contacting the server?

Using what protocol in this test? HTTP or FTP? SSL is an encryption layer over the usual protocol. So using FTP a man-in-the-middle can “see”, read and understand all your bytes and strings flowing in the connection. FTPS encrypts this talk and the content looks like garbage, so, it’s considered “secure”.

When your client side wants to talk to a “host” there you have to have a server counterpart able to understand your encryption layer AND protocol. Both sides MUST be compatible.

That said, FTP (and FTPS) and SFTP are different beasts. :slight_smile:

FTPS is an FTP protocol with encrypted content. It’s served by a file server serving FTP, ports vary for clear or encrypted, and 2 channels are used, data and control. Usually 21 for command, and another for data (default 20, but it changes).

SFTP is served by a File server serving through SSH in a bidirectional encrypted tunnel usually in port 22.

It’s common for people with an FTP server to have problems trying to use an SFTP client (SSH server not present) and the inverse, having an SSH server and trying to access it using an FTP client. Both cases are a no-no.
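
Added example, not part of the original thread: a small Python check of which service actually answered on a port, following the FTP/FTPS/SFTP distinction above and the later debug log in which an HTTP server replied to the transfer. The function names and sample greetings are constructed for illustration; treating `ftps://` as implicit TLS reflects how curl handles that scheme.

```python
import re
import socket

# What each curl URL scheme expects on the other end of the socket.
EXPECTED = {"sftp": "ssh", "ftp": "ftp", "ftps": "tls"}  # ftps:// = implicit TLS

def classify(first_bytes: bytes) -> str:
    """Name the service from the first bytes it sends back."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"    # SSH identification string (RFC 4253)
    if first_bytes.startswith(b"HTTP/"):
        return "http"   # a web server answered
    if re.match(rb"220[ -]", first_bytes):
        return "ftp"    # FTP "service ready" greeting (RFC 959)
    if len(first_bytes) >= 2 and first_bytes[0] in (0x15, 0x16) and first_bytes[1] == 0x03:
        return "tls"    # TLS alert or handshake record
    return "unknown"

def diagnose(scheme: str, first_bytes: bytes) -> str:
    """Compare what the URL scheme needs with what actually answered."""
    want, got = EXPECTED[scheme], classify(first_bytes)
    if want == got:
        return f"ok: {scheme}:// reached a {got} service"
    return f"mismatch: {scheme}:// needs {want}, but a {got} service answered"

def read_greeting(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Live helper: connect and return whatever the server sends first.
    SSH and FTP servers speak first; HTTP and implicit-TLS servers stay
    silent until the client sends something, so b"" is returned for them."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except socket.timeout:
            return b""

# Constructed sample data (not captured from any real host).
SAMPLES = {
    "ssh": b"SSH-2.0-OpenSSH_6.6\r\n",
    "ftp": b"220 FTP server ready\r\n",
    "http": b"HTTP/1.1 405 Method Not Allowed\r\n",
}

if __name__ == "__main__":
    for scheme in ("sftp", "ftp"):
        for name, data in SAMPLES.items():
            print(scheme, "vs", name, "->", diagnose(scheme, data))
```
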

I can say that I use SFTP in a lot of my own tools with username and password for authentication.
Works well with CURL plugin.

Using key file should also work.

[quote=176342:@Christian Schmitz]For CURL it’s sftp:// URL to indicate you want SSH file transfer.

For key files, you can use OptionSSHPrivateKeyfile and OptionSSHPublicKeyfile to store the file path to the key files.

With error 78, maybe URL is wrong?[/quote]
I have also established and set the public/private key files in CURL, I just can’t get past the url problem.

Perhaps this is a clue for my URL problem. If I have an SSH server set up, will it recognize the SFTP:// url?

Mark, download Cyberduck and try to connect to SFTP on port 22. Let’s see what it returns. :wink:

https://cyberduck.io/

http://www.one.com/en/support/faq/how-do-i-connect-to-an-sftp-server-with-cyberduck

Check with your hosting if you have to enable something there before starting, as you can see, it happens on the one.com hosting above. :wink:

OK - forgive the content dump below. I believe I am now able to connect via sFTP. Using IP address rather than “sftp://…” url because I haven’t updated my DNS yet for sFTP - will get to that. I am using key-pair for authentication.

Download starts and goes to 100%, but then I get this debug sequence and transfer ends in error code 23 (WRITE ERROR).

Any ideas?

[6648] Debug message, infotype 1: HTTP/1.1 405 Method Not Allowed
[6648] Debug message, infotype 1: Date: Thu, 26 Mar 2015 02:33:00 GMT
[6648] Debug message, infotype 0: Server Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 is not blacklisted
[6648] Debug message, infotype 1: Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
[6648] Debug message, infotype 1: Allow: GET,HEAD,POST,OPTIONS,TRACE
[6648] Debug message, infotype 1: Content-Length: 534
[6648] Debug message, infotype 1: Content-Type: text/html; charset=iso-8859-1
[6648] Debug message, infotype 1: X-Pad: avoid browser bug
[6648] Debug message, infotype 1:
[6648] Debug message, infotype 3:
[6648]
[6648] 405 Method Not Allowed
[6648]
[6648]

Method Not Allowed


[6648]

The requested method GET is not allowed for the URL /myfileurl.


[6648]

Additionally, a 404 Not Found
[6648] error was encountered while trying to use an ErrorDocument to handle the request.


[6648]

[6648] Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at 166.62.36.166 Port 80
[6648]
[6648] Debug message, infotype 0: Failed writing body (0 != 534)
[6648] Debug message, infotype 0: Closing connection 0
[6648] Upload result: error code: 23

What is your URL? It looks more like you got an HTTP server to answer!?

maybe you want to email me your test project?

[quote=176512:@Christian Schmitz]maybe you want to email me your test project?

[/quote]
Hi Christian. I sent you a snippet of my code in a private conversation as a start to see if there is anything obvious there. I think I am not properly specifying the SSH or sFTP transfer mode - but please take a look and let me know what you think.

Thanks.

[quote=176381:@Rick Araujo]Mark, download Cyberduck and try to connect to SFTP on port 22. Let’s see what it returns. :wink:

[/quote]
I use Ipswitch as my usual ftp client. I was able to set up and successfully establish an SSH/sFTP connection on port 22 with that to my server.

FYI - I did have to go to my server and enable SSH access - which I did before the latest issue above, where I connected but now am getting an error code 23. I am now seeing if Christian can identify anything obvious from my use of CURLSMBS that would cause that error.

SUCCESS. Thanks Christian for working through that with me. After figuring out how to gain SSH access to my server and then, the harder part, finding where the mount point was located in the directory structure - now CURLSMBS is enabling me to sFTP transfer from client to server!

Thanks to all for your helpful input.

:slight_smile: