|
Posted by on December 16, 2007, 7:23 pm
If you were Registered and logged in, you could reply and use other advanced thread options > ev...@silenceisdefeat.org wrote:
> > In Core FTP, is it better to use AUTH SSL or SSH/SFTP?
>
> SSL. SSH/SFTP only protects the data transfer channel, not the command channel.
I don't know enough about it to understand how that addresses which is
better to use.
>
> > This may (or not) have a bearing on it. When I connected using AUTH
> > SSL, the connection script said:
>
> > ...
> > AUTH SSL
> > 500 This security scheme is not implemented
> > ...
>
> > It then went on with the connection. I contacted the people who are
> > hosting my account and the first guy said that :
>
> > "That error message is misleading, it means that the ssl cannot be
> > authenticated but it will still use the encryption layer."
>
> Well, are you doing implicit or explitic SSL authentication?
Not being familiar with these terms, and failing to find definitions
that I could understand, I don't know. I enter a username and password
into the login screen, which I would intuitively think would mean
"explicit", but I don't understand how that relates to whether my
password and data are encrypted. If I were familiar enough with these
things, I would probably not have to post questions to begin with.
>
> > In Winscp, which only uses SSH (and I have that enabled in my
> > account), One of the fields in the login screen is "Private Key File".
> > Core FTP did not have such a field. In any case, what happens if I
> > leave that field blank?
>
> Nothing.
Thanks! I can understand that answer.
>
> > Is my password and data going out unencrypted if I have not set up a
> > private key?
>
> No. It just means that the server cannot authenticate you, that is, the
> server doesn't know who he's talking to. A malicious user might insert
> commands on the command channel on your behalf without being detected.
Ok, thank you.
| 
XML site map