I'm studying a secure and easy solution (both for admin and users) to
share files across different countries. The security is more a matter
of protecting our machines from becoming a spam or virus relay than
protecting the data itself. We also need to automate copies between
places and because files are too big (several gig) it'd be good to
know beforehand if the file changed or not.
We currently use unsecured FTP with (plain) password protection and IP
restriction but that's too weak. We thought about three ways to go
forward:
1. sFTP: FTP already has path restriction so adding an SSL layer to
the FTP would protect against a man-in-the-middle attack to get the
password. But automation is still a problem and scripts have to be
written to connect first, check sizes and dates, then decide what to do.
2. rsync over SSH with rssh: Same as above, the SSL layer protects the
channel, rssh protects against remote execution of unwanted commands and
rsync does the rest for automation, but there is no path restriction
unless we use chroot and chroot raises more concerns in maintaining
the infrastructure.
3. Webdav: It uses Apache SSL, there is no remote execution, there is
path restriction and it's simple to use even mounting on the remote
machine using davfs, so automation is transparent. The problem is
history.
FTP, ssh, rsync have been working for decades from small to huge sites,
from lots of small files to a few big files and all the little interface
and protocol problems were already solved, but I'm not sure about
WebDav.
It has existed for quite a while but I'm not seeing big sites like
kernel.org providing their files over webdav and when I search for
unix file sharing I don't see webdav in the first results.
Can anyone tell me how reliable and stable webdav really is or if
there is yet another solution I haven't considered?
I will, of course, do several crash and penetration tests on it but
thought asking on usenet could be a valuable resource to help my
decision.
thanks,
--renato
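
The "check sizes and dates, then decide what to do" step from option 1 of the question, as an added example that is not part of the original thread. The listing format, the function names and the two-second timestamp tolerance are assumptions; the planner also refuses any remote-supplied name that would land outside the local mirror directory.

```python
import os
import tempfile
from pathlib import Path

MTIME_SLACK = 2  # seconds of tolerance; assumed, listings often have coarse timestamps


def plan_sync(remote_listing, local_root):
    """Split a remote listing of (name, size, mtime) into (to_fetch, rejected)."""
    root = Path(local_root).resolve()
    to_fetch, rejected = [], []
    for name, size, mtime in remote_listing:
        target = (root / name).resolve()
        # Client-side path restriction: a name supplied by the remote end
        # must never resolve to a location outside local_root.
        if root not in target.parents:
            rejected.append(name)
            continue
        try:
            st = target.stat()
        except FileNotFoundError:
            to_fetch.append(name)  # not present locally yet
            continue
        # Same size and (nearly) same date: treat as unchanged, skip the copy.
        if st.st_size != size or abs(st.st_mtime - mtime) > MTIME_SLACK:
            to_fetch.append(name)
    return to_fetch, rejected


def demo():
    """Run the planner against constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        for fname in ("same.iso", "stale.iso", "grown.iso"):
            path = Path(d, fname)
            path.write_bytes(b"x" * 10)
            os.utime(path, (1000, 1000))  # fixed atime/mtime for the demo
        listing = [  # constructed sample listing: (name, size, mtime)
            ("same.iso", 10, 1000),
            ("stale.iso", 10, 5000),
            ("grown.iso", 25, 1000),
            ("new.iso", 7, 1000),
            ("../escape.iso", 7, 1000),
        ]
        return plan_sync(listing, d)


if __name__ == "__main__":
    print(demo())
```
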
Another choice is Unison, which is a wrapper around rsync. I use
that to maintain website mirrors. It works fine.
-Wayne
Hi Wayne,
Unison looks nice, but it still requires an SSH tunnel to work securely,
so I still need to create a Unix user on the server for the transfer
and all problems with rssh, chroot and so on will happen as well. This is
what was so attractive about webdav, it uses Apache's SSL and HTTP
(super-fast and highly-scalable) connections to download the files.
What I liked about Unison is that it's a two-way synchronization
instead, which is very good for some internal directories and I may
end up using it locally, thanks!
--renato