
FTP over SSH is a secure way to transfer files, but it's not foolproof.
Using SSH keys instead of passwords is a more secure option, as they are harder to crack.
FTP over SSH can still be vulnerable to brute-force attacks, especially if weak passwords are used.
To minimize this risk, it's essential to set a strong password policy and limit login attempts.
Configuring FTP over SSH
You can tunnel FTP over an SSH channel, providing secure transmission of your password. This is done by making use of ssh's local port forwarding capability.
The trick to encrypting the password is to create a proxy on the local host that listens to some high-numbered port. Any traffic sent to that port is encrypted and forwarded to the configured remote address and port.
Only the control connection is encrypted, not the data connection. This means any data you transfer, like directory listings or files uploaded or downloaded, are still sent in the clear.
Worth a look: Ftp Protocol Port
To set up a local port forward, you need to create a sort of proxy on the local host. This is done by sending a local port forwarding request to the remote server, not localhost.
A valid account on the remote host is necessary for the ssh tunnel to work. A valid shell is not strictly necessary, though; something like a pseudo-terminal can be used.
Use of the server host's DNS name or IP address in the ssh tunnel assumes that the routing of traffic to the host's own IP address will be short-circuited in the kernel.
Readers also liked: Ftp Server Site
Using FTP over SSH Tools
You can use various tools to map a local FTP connection on your computer to an SFTP connection to a remote server. Tunnelier and Mindterm are two such tools that allow you to do this.
Tunnelier allows you to map a local FTP connection to an SFTP connection using an FTP to SFTP bridge. To use Tunnelier, you need to download and install it from the Bitvise website, then configure the FTP to SFTP bridge using the instructions on the Bitvise website.
Related reading: Ftp Website Hosting
To connect to the bridge in Beyond Compare using Tunnelier, you need to open the FTP url ftp://localhost/ or ftp://127.0.0.1/. If you configured the bridge to run on an alternate port, specify the port using the syntax ftp://localhost:#/, where # is the alternate port.
Mindterm is another tool that allows you to map a local FTP connection to an SFTP connection. To use Mindterm, you need to download the application binaries and extract the mindterm.jar file.
To set up Mindterm, you need to run cmd.exe or command.com in the Windows Start menu, then read and agree to the Mindterm license agreement. You also need to allow Mindterm to create a folder to store its settings.
Here are the steps to follow once everything is set up:
- Run MindTerm using the command line java -jar mindterm.jar.
- In MindTerm enter the hostname, username, and password when prompted. MindTerm will open the FTP to SFTP bridge automatically.
- Start Beyond Compare and connect to 127.0.0.1.
You can now use Beyond Compare like normal, including comparing and updating files on the FTP server. When you are done, close Beyond Compare, then close MindTerm.
Security and Solutions
Security concerns with FTP over SSH are real, and they can put your data at risk. Data in motion is not encrypted, making it vulnerable to data theft through man-in-the-middle attacks using arp poisoning.
FTP users also run the risk of compromising login information when trying to automate the file transfer process by storing the credential in clear text. People sharing these scripts are also sharing user credentials.
However, SFTP (Secure File Transfer Protocol) is designed to provide high-level security using AES, 3DES, and other algorithms to encrypt all data that flows between systems. SFTP protects against password sniffing and man-in-the-middle attacks.
SFTP also protects the confidentiality and integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user, preventing unauthorized access to data stream.
To use SFTP, SSH key pairs must be generated beforehand, and it's recommended to use complex passwords to prevent brute force attacks.
Here are some commercial and open-source solutions for SFTP:
- IBM Sterling Secure File Transfer.
- Tectia SSH Server and Client.
- SolarWinds SFTP/SCP Server.
- OpenSSH.
- Bitvise SSH Server.
- Cerberus SFTP.
- GlobalScape EFT Server.
- GoAnywhere MFT.
- JScape MFT Server.
- FileZilla.
Security Concerns
Data in motion is not encrypted, making it vulnerable to data theft through man-in-the-middle attacks using arp poisoning.
This is a serious security concern, as it can lead to sensitive information falling into the wrong hands. Many organizations rely on secure file transfers to protect their data, but if it's not encrypted, it's like sending a postcard in the mail - anyone can intercept it.
Here are some security concerns with traditional file transfer protocols:
- Data in motion is not encrypted
- UserID and Password are sent in clear text
- FTP users run the risk of compromising login information
- People sharing scripts are also sharing user credentials
These security concerns can be addressed by using a more secure protocol, like SFTP. SFTP protects against password sniffing and man-in-the-middle attacks, and it also protects the confidentiality and integrity of the data using encryption and cryptographic hash functions.
Consider reading: Secure Ftp vs Sftp
Commercial/Open Source Solutions
If you're looking for commercial or open-source solutions for secure file transfer, there are many options available.
One popular choice is IBM Sterling Secure File Transfer, which offers a robust and secure solution for transferring files.
Suggestion: Ftp Secure File Transfer
SolarWinds SFTP/SCP Server is another option, known for its ease of use and scalability.
For those on a budget, OpenSSH is a free and open-source solution that's widely used and respected.
Other notable options include Bitvise SSH Server, Cerberus SFTP, GlobalScape EFT Server, GoAnywhere MFT, JScape MFT Server, and FileZilla.
Here are some of the commercial/open-source solutions mentioned, listed for your reference:
- IBM Sterling Secure File Transfer
- Tectia SSH Server and Client
- SolarWinds SFTP/SCP Server
- OpenSSH
- Bitvise SSH Server
- Cerberus SFTP
- GlobalScape EFT Server
- GoAnywhere MFT
- JScape MFT Server
- FileZilla
FTP in ABAP with SAP
FTP in ABAP with SAP is a bit of a different beast. You can use the FTP function module to connect to an FTP server and transfer files.
The FTP function module is called FTP_CONNECT. You can use it to establish a connection with an FTP server, specifying the server address, username, and password.
In ABAP, you can use the FTP function module to transfer files in ASCII or binary mode. This is useful when working with text files or binary files like images.
To transfer files using FTP in ABAP, you need to use the FTP function module in a loop to iterate over the files you want to transfer.
Consider reading: How to Go to Ftp Site
Frequently Asked Questions
Why is FTP no longer used?
FTP is no longer widely used due to its inherent security vulnerabilities, including the lack of default encryption, making it a high-risk protocol for transferring sensitive data. Its insecure nature has led to the adoption of more secure alternatives, such as SFTP and HTTPS.
Can files be transferred over SSH?
Yes, files can be transferred over SSH using the SCP protocol, which leverages the secure connection provided by the SSH protocol. This secure method allows for easy and reliable file transfers between computers.
Featured Images: pexels.com


