Re: Programs for direct friend-to-friend file transfer?
On Sun, Jun 03, 2012 at 08:41:40AM +0100, Chris Davies wrote:
> Rob Owens <firstname.lastname@example.org> wrote:
> > I agree with using ssh, but I'd configure it to force sftp upon login
> > like this:
> I figured I'd frighten the OP if I added too much complexity.
> > It's simpler to just AllowUsers user1 user2 user3
> Fair point in the circumstances.
> >> 6. Make sure that your password, and your friend's password on your
> >> machine, is sufficiently complex that others are unlikely to guess it.
> > Always a good idea, but the risk is lessened by forcing sftp [...])
> Not sure you lessen the risk if the password's weak.
I only meant that if an attacker can guess a password, but is
constrained to SFTP, and there is nothing important on the SFTP server,
then not much harm is done. Of course there's always the risk that a
vulnerability is discovered in the SFTP server...
> > Instead of using rsync, use FileZilla or another FTP client [...]
> I had assumed the OP was talking about a Linux environment. Otherwise
> why would they have been posting to this list?
FileZilla is available in Debian (in case you didn't know). I only
recommended it because it's a popular name. And for beginners, I think
a GUI FTP application is easier than rsync.