[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Programs for direct friend-to-friend file transfer?

On Sun, Jun 03, 2012 at 08:41:40AM +0100, Chris Davies wrote:
> Rob Owens <rowens@ptd.net> wrote:
> > I agree with using ssh, but I'd configure it to force sftp upon login
> > like this:
> I figured I'd frighten the OP if I added too much complexity.
Fair enough!
> > It's simpler to just AllowUsers user1 user2 user3
> Fair point in the circumstances.
> >> 6.  Make sure that your password, and your friend's password on your
> >>     machine, is sufficiently complex that others are unlikely to guess it.
> >> 
> > Always a good idea, but the risk is lessened by forcing sftp [...])
> Not sure you lessen the risk if the password's weak.
I only meant that if an attacker can guess a password, but is
constrained to SFTP, and there is nothing important on the SFTP server,
then not much harm is done.  Of course there's always the risk that a
vulnerability is discovered in the SFTP server...

> > Instead of using rsync, use FileZilla or another FTP client [...]
> I had assumed the OP was talking about a Linux environment. Otherwise
> why would they have been posting to this list?
FileZilla is available in Debian (in case you didn't know).  I only
recommended it because it's a popular name.  And for beginners, I think
a GUI FTP application is easier than rsync.


Reply to: