Am Sat, 29 Apr 2017 20:30:03 +0100
schrieb lee <l...@yagibdah.de>:

> Danny YUE <sheepd...@gmail.com> writes:
> 
> > On 2017-04-25 14:29, lee <l...@yagibdah.de> wrote:  
> >> Hi,
> >>
> >> since the usage of FTP seems to be declining, what is a replacement
> >> which is at least as good as FTP?
> >>
> >> I'm aware that there's webdav, but that's very awkward to use and
> >> missing features.  
> >
> > What about sshfs? It allows you to mount a location that can be
> > accessed via ssh to your local file system, as if you are using
> > ssh.  
> 
> Doesn't that require ssh access?  And how do you explain that to ppl
> finding it too difficult to use Filezilla?  Is it available for
> Windoze?

Both, sshfs and scp, require a full shell (that may be restricted but
that involves configuration overhead on the server side). You can use
sftp (FTP wrapped into SSH), which is built into SSH. It has native
support in many Windows clients (most implementations use PuTTY in the
background). It also has the advantage that you can easily restrict
users on your system to SFTP-only with an easy server-side
configuration.

> > Also samba can be a replacement. I have a samba server on my OpenWRT
> > router and use mount.cifs to mount it...  
> 
> Does that work well, reliably and securely over internet connections?

It supports encryption as transport security, and it supports kerberos
for secure authentication, the latter is not easy to setup in Linux,
but it should work with Windows clients out-of-the-box.

But samba is a pretty complex daemon and thus offers a big attack
surface for hackers and bots. I'm not sure you want to expose this to
the internet without some sort of firewall in place to restrict access
to specific clients - and that probably wouldn't work for your scenario.

But you could offer access via OpenVPN and tunnel samba through that.
By that time, you can as easily offer FTP, too, through the tunnel
only, as there should be no more security concerns now: It's encrypted
now. OpenVPN also offers transparent compression which can be a big
plus for your scenario.

OpenVPN is not too difficult to setup, and the client is available for
all major OSes. And it's not too complicated to use: Open VPN
connection, then use your file transfer client as you're used to. Just
one simple extra step.


-- 
Regards,
Kai

Replies to list-only preferred.


Reply via email to