
Re: Programs for direct friend-to-friend file transfer?



On Sun, Jun 03, 2012 at 08:41:40AM +0100, Chris Davies wrote:
> Rob Owens <rowens@ptd.net> wrote:
> > I agree with using ssh, but I'd configure it to force sftp upon login
> > like this:
> 
> I figured I'd frighten the OP if I added too much complexity.
> 
Fair enough!
> 
> > It's simpler to just AllowUsers user1 user2 user3
> 
> Fair point in the circumstances.
> 
> 
> >> 6.  Make sure that your password, and your friend's password on your
> >>     machine, is sufficiently complex that others are unlikely to guess it.
> >> 
> > Always a good idea, but the risk is lessened by forcing sftp [...])
> 
> Not sure you lessen the risk if the password's weak.
> 
I only meant that if an attacker can guess a password, but is
constrained to SFTP, and there is nothing important on the SFTP server,
then not much harm is done.  Of course there's always the risk that a
vulnerability is discovered in the SFTP server...

> 
> > Instead of using rsync, use FileZilla or another FTP client [...]
> 
> I had assumed the OP was talking about a Linux environment. Otherwise
> why would they have been posting to this list?
> 
FileZilla is available in Debian (in case you didn't know).  I only
recommended it because it's a popular name.  And for beginners, I think
a GUI FTP application is easier than rsync.

-Rob
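
Added example, not part of the original message or of the configuration Rob posted earlier in the thread: an sshd_config fragment showing the SFTP-only restriction discussed above combined with the AllowUsers line. The account names reuse the user1/user2/user3 placeholders from the quoted text; the /srv/sftp path and the choice of which accounts to restrict are assumptions.

```conf
# /etc/ssh/sshd_config (fragment, constructed for illustration)

# Use the in-process SFTP server so a chroot needs no binaries inside it.
Subsystem sftp internal-sftp

# Only these accounts may log in over SSH at all.
# user1 is assumed to be the machine owner and keeps a normal shell.
AllowUsers user1 user2 user3

# The friends' accounts get SFTP and nothing else.
Match User user2,user3
    # Ignore any command or shell the client asks for.
    ForceCommand internal-sftp
    # Confine each user to their own tree (assumed path). Every directory
    # on this path must be owned by root and not writable by group or
    # others, or sshd refuses the login.
    ChrootDirectory /srv/sftp/%u
    # Without these, a guessed password could still be used to tunnel
    # traffic through the host even though no shell is available.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
```

Run `sshd -t` to check the syntax before reloading the service, and keep an existing session open until a fresh login has been tested.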

