Educause Security Discussion mailing list archives

Re: Secure file transfers


From: scott hollatz <shollatz () D UMN EDU>
Date: Mon, 7 May 2007 12:19:02 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SFTP and SCP may suffer from bad passwords, but that's not a function of
those tools, but of users.  All password based systems are thus equally bad,
but that's absurd as PINs and passwords are the de facto user authentication
scheme no matter how much security gurus lambaste them.

SCP can be configured to only allow public key crypto logins, so it allows
for greater security.  Unlike FTP, SCP is secure end-to-end, including the
password handshake.

Yes, I forgot to add in my earlier response that we also offer scp and
rsync+ssh as part of the solution.

Also, vendors must be aware of the difference between FTP+SSL and a
secure file transfer protocol such as scp or sftp as part of SSH.
There's nothing worse than doing a bunch of firewall gymnastics due to
a miscommunication and telephone tag.

Of course, there are web services out there that allow for secure file
transfers (secure messaging and the like), but they cost money naturally.
The upside is you can do the transfers without requiring people have/use
SFTP/SCP, something few people would have available.  I've used Yozons and
found it worthwhile, but it's also password-based authentication, so if
that's the stumbling block, then you can forget it.

Harrold

- --
scott hollatz                                        net shollatz () d UMn eDu
information technology systems and services          tel +1 218 726 8851
university of minnesota duluth mn usa                fax +1 218 726 7674
                                                                         --
                                              "Asn aD ta zlAp em uT zt33rg"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)

iD8DBQFGP1+K4og1WWfEVRsRAn49AKCEUuOi1BaFyfo3seC4zziCsY9NKwCgj8T2
8/OXmSZ2pyAs8WSrCXxiA30=
=AdoO
-----END PGP SIGNATURE-----
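
The message above notes that SSH-based transfers can be restricted to public-key logins. As an added example (not part of the original message), this sketch checks an OpenSSH `sshd_config` text for places where password-style logins remain enabled, including a `Match` block that re-enables them. It assumes OpenSSH defaults, does not follow `Include` directives, and uses constructed sample configs; on a live host `sshd -T` prints the effective settings.

```python
# Added example. Config samples below are constructed, not from a real host.
DEFAULTS = {"passwordauthentication": "yes",          # assumed OpenSSH defaults
            "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def password_login_paths(config_text):
    """Return (scope, keyword) pairs where password-style login stays enabled."""
    scopes = {"global": {}}
    scope = "global"
    for raw in config_text.splitlines():
        parts = raw.replace("=", " ", 1).split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                           # blank line or comment
        key = parts[0].lower()                 # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                     # later settings apply per match
            scope = "Match " + value
            scopes.setdefault(scope, {})
            continue
        key = ALIASES.get(key, key)
        if key in DEFAULTS:
            scopes[scope].setdefault(key, value)   # first value obtained wins
    findings = []
    for name, seen in scopes.items():
        for key, default in DEFAULTS.items():
            # Unset keywords fall back to the default only in the global scope.
            effective = seen.get(key, default if name == "global" else None)
            if effective == "yes":
                findings.append((name, key))
    return findings

WEAK = """\
PubkeyAuthentication yes
#PasswordAuthentication no
Subsystem sftp internal-sftp
"""
KEY_ONLY = """\
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
Subsystem sftp internal-sftp
"""
REOPENED = KEY_ONLY + "Match Group vendors\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("key-only", KEY_ONLY), ("reopened", REOPENED)):
        print(label, password_login_paths(text))
```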
