> ----- Original Message -----
> From: Matthew J. Roth
> Sent: 09/09/13 11:24 PM
> To: Community support for Fedora users
> Subject: Re: tls
>
> >>> Patrick Dupre wrote:
> >>>
> >>> ssh works fine. However, I have a possible explanation.
> >>> This machine is behind a firewall and to be able to make ssh, I
> >>> had to ask to have the ssh port open. Probably, the ftp port is
> >>> closed. Should I ask to have it open to use ssl/tls?
> >>> Is it port 21? or 990? how can I check the port 22 is open
> >>> while the other ones are closed on the firewall (I do not have
> >>> admin access to this machine).
> >>
> >> Matthew J. Roth wrote:
> >>
> >> Do you have a compelling reason to use FTPS? If not, SFTP provides the same
> >> functionality (encrypted file transfers) and it runs over SSH, so it should
> >> *just work* in your environment.
> >
> > Patrick Dupre wrote:
> >
> > Yes, I know, but ssh/tls seems more secure! Thanks, Matthew. I probably need
> > to learn more how to use sftp for having best secure transfers using my own key.
>
> Patrick,
>
> Both FTPS and SFTP utilize essentially the same techniques to secure a
> connection and provide similar levels of security. FTPS has a slight edge
> when it comes to authentication, because it uses X.509 certificates while SFTP
> uses SSH keys. However, this is only relevant if personally verifying the
> authenticity of keys (e.g. issuing a key yourself or verbally confirming its
> fingerprint by phone) isn't sufficient and you require a CA to verify the
> authenticity of certificates instead.
>
> On the other hand, SFTP is easier to administer from a network perspective
> since only port 22/tcp must be opened in the firewall. This is the same port
> used by SSH, so in many cases (including yours) it's already open.
>
> In my opinion, FTPS is slightly less secure than SFTP because its risks (running
> an additional daemon and opening multiple firewall ports) outweigh its benefit
> (X.509 authentication). Considering that SFTP is probably already available on
> your computer (it's enabled by default), it's the obvious choice unless you
> absolutely require X.509 authentication for file transfers.
>
> Regards,
>
> Matthew Roth
> InterMedia Marketing Solutions
> Software Engineer and Systems Developer
> --
> users mailing list
> users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org

===========================================================================
 Patrick DUPRÉ                                 | | email: pdupre@xxxxxxx
 Laboratoire de Physico-Chimie de l'Atmosphère | |
 Université du Littoral-Côte d'Opale           | |
 Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
 189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
===========================================================================
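
Added example, not part of the original thread: the out-of-band key check mentioned above (confirming a fingerprint by phone) comes down to comparing the SHA-256 fingerprint of the SSH public key you were offered with the one read out to you. The function names are hypothetical and the key is built from constructed bytes, not a real host key.

```python
import base64
import hashlib
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def parse_pubkey_line(line):
    """Return (key_type, blob) from an OpenSSH public-key or known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_PREFIXES):
            blob = base64.b64decode(fields[i + 1], validate=True)
            if len(blob) < 4:
                raise ValueError("key blob too short")
            # The blob starts with a length-prefixed copy of the key type.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode("ascii"):
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key found in line")

def fingerprint_sha256(blob):
    """Fingerprint in the SHA256:<base64> form that OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def key_matches(line, expected):
    """True if the key in `line` has the fingerprint obtained out of band."""
    _, blob = parse_pubkey_line(line)
    return fingerprint_sha256(blob) == expected.strip()

def constructed_key_line(key_bytes, comment="constructed@example"):
    """Build a sample ssh-ed25519 line from constructed (not real) key bytes."""
    kt = b"ssh-ed25519"
    blob = (struct.pack(">I", len(kt)) + kt
            + struct.pack(">I", len(key_bytes)) + key_bytes)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment

if __name__ == "__main__":
    line = constructed_key_line(bytes(range(32)))
    read_over_phone = fingerprint_sha256(parse_pubkey_line(line)[1])
    print(read_over_phone)
    print(key_matches(line, read_over_phone))
    # A different key must not match the fingerprint that was read out.
    print(key_matches(constructed_key_line(bytes(32)), read_over_phone))
```
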