Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

scp vs. sftp

1 view
Skip to first unread message

Bob

unread,
Jan 27, 2002, 5:16:19 PM1/27/02
to
What is the difference between scp and sftp?
I just want a quick summary.
They seem like they do the same things with different names. :-)

Richard Silverman

unread,
Jan 30, 2002, 2:33:39 PM1/30/02
to
>>>>> "Bob" == Bob <bob_nospa...@mail.com> writes:

Bob> What is the difference between scp and sftp? I just want a quick
Bob> summary. They seem like they do the same things with different
Bob> names. :-)

You must distinguish between scp/sftp as protocols and as programs.

The scp protocol is simply rcp run over an SSH connection.

The sftp protocol is a completely separate, new file-transfer protocol
(designed by ssh.com, now on the IETF standards track). It also
incorporates no security features by itself, but is intended to be run
over a secure transport (e.g. SSH).

In the OpenSSH and SSH1 software, the "scp" program uses the scp protocol,
and expects a compatible copy of the scp program on the remote side.

In the ssh.com SSH2 software, the "sftp" program uses the sftp protocol to
provide an FTP-like command-line file-transfer utility. The "scp" command
*also* uses the sftp protocol, just providing a different, rcp-like UI.

--
Richard Silverman
sl...@shore.net

Bob

unread,
Feb 1, 2002, 10:18:10 PM2/1/02
to

Thanks Richard.

> The sftp protocol is a completely separate, new file-transfer protocol
> (designed by ssh.com, now on the IETF standards track). It also
> incorporates no security features by itself, but is intended to be run
> over a secure transport (e.g. SSH).

Is there something in the sftp protocol to ensure it is running over a
secure transport (I hope so)?

Richard E. Silverman

unread,
Feb 1, 2002, 11:52:33 PM2/1/02
to
>>>>> "Bob" == Bob <bob_nospa...@mail.com> writes:

Bob> Is there something in the sftp protocol to ensure it is running
Bob> over a secure transport (I hope so)?

No, and there couldn't be -- that doesn't make sense; it's like asking
whether English has some feature in it which ensures you can speak it over
a telephone but not a walkie-talkie.

--
Richard Silverman
sl...@shore.net

Dan Baker

unread,
Feb 4, 2002, 10:17:28 PM2/4/02
to

Richard Silverman wrote:
> Bob> What is the difference between scp and sftp?

---------

ok... this brings up a question I've been meaning to ask as a total
newbie to SSH and its implications...

is transferring files via scp more secure only with respect to the
actual contents of the files being transferred,
OR,
is it more secure in any way with respect to hackers being able to get
into a server set up to only allow scp access and not ftp?

I ask because I have one client with a host that does not allow ftp
access, and insists on scp file transfers. I am wndering if it is
actually any more secure with regard to the server, or just protecting
the data in transit.

thanx,

Dan

Stuart Lamble

unread,
Feb 4, 2002, 10:29:08 PM2/4/02
to
In article <3C5F4F37.CB84D2F6@nospam_dtbakerprojects.com>, Dan Baker wrote:
>ok... this brings up a question I've been meaning to ask as a total
>newbie to SSH and its implications...
>
>is transferring files via scp more secure only with respect to the
>actual contents of the files being transferred,
>OR,
>is it more secure in any way with respect to hackers being able to get
>into a server set up to only allow scp access and not ftp?
>
>I ask because I have one client with a host that does not allow ftp
>access, and insists on scp file transfers. I am wndering if it is
>actually any more secure with regard to the server, or just protecting
>the data in transit.

With ftp, (except perhaps -- haven't used it -- sftp), the password is
transmitted in the clear. scp encrypts the username and password, so
that's one way that it protects you.

In addition, as you say, the contents of the file are encrypted in the
transfer.

HOWEVER, it is (AFAIK) nearly impossible to allow scp without allowing
ssh into the system. ftp will let you do this, though. If it is important
to you to prevent login access to the system, scp is not your best bet;
you may want to look into ssl-ftp or similar (my Web access at the moment
is non-existent, so I can't go googling for information.)

Standard disclaimers: ICBW, etc.

HTH,

Stuart.

--
"You didn't slay the dragon?!"
"It's on my to-do list, now come on!"
-- Shrek.

Pontus Skold

unread,
Feb 5, 2002, 8:22:20 AM2/5/02
to

s...@debtemp.lib.monash.edu.au (Stuart Lamble) writes:


> HOWEVER, it is (AFAIK) nearly impossible to allow scp without allowing
> ssh into the system. ftp will let you do this, though. If it is important
> to you to prevent login access to the system, scp is not your best bet;
> you may want to look into ssl-ftp or similar (my Web access at the moment
> is non-existent, so I can't go googling for information.)

Another possible solution for this is using a web server to offer a
"file area". Clients supporting FTP over SSL are rather rare, but
there are plenty of clients supporting HTP over SSL (and some people
are actually wise enough to be unwilling to to install all software
they are recommended).

And this is probably OT.

/Pont
--

Pontus Sköld, UU | Contact information at <URL:http://www.dis.uu.se/~pont/>

0 new messages