No Plain Jane FTP Here

Are you giving your password away?

The answer is YES, if you are not encrypting your communications. I can see your face now, eyes bulging, leaning into the monitor to see if you read that correctly, and the stammer "But, but, err, well… of course I have to send my password or I wouldn’t be able to log into the server!" Yes, that is true, but did you know that when you send your password in standard FTP, it is sent in plain text (i.e., in the clear and unencrypted)? You bet, and even more troubling is the fact that anyone between you and the server can capture this information and any other data you are transferring.
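To see that exposure from the defender's side, here is an added example (not part of the original article) that audits a captured FTP control channel and flags every login whose PASS command is readable on the wire. The function name, the finding fields and the sample capture are assumptions made for illustration; the capture is constructed, not real traffic.

```python
# Added example: flag cleartext FTP logins in a captured control channel.
# The capture below is constructed sample data, not real traffic.

def find_cleartext_logins(segments):
    """segments: ordered (direction, payload) pairs, direction 'C' or 'S'.
    Returns one finding per PASS command readable on the wire."""
    buffers = {"C": b"", "S": b""}
    findings, user = [], None
    for direction, payload in segments:
        buffers[direction] += payload
        # FTP control lines end in CRLF and may be split across TCP segments.
        *lines, buffers[direction] = buffers[direction].split(b"\r\n")
        for raw in lines:
            line = raw.decode("latin-1")
            if direction == "C":
                verb, _, arg = line.partition(" ")
                verb = verb.upper()  # FTP command verbs are case-insensitive
                if verb == "USER":
                    user = arg
                elif verb == "PASS":
                    # Report the exposure without copying the secret itself.
                    findings.append({"user": user, "password_len": len(arg),
                                     "accepted": None})
            elif findings and findings[-1]["accepted"] is None:
                # Correlate the server's reply code with the pending login.
                code = line[:3]
                if code == "230":
                    findings[-1]["accepted"] = True
                elif code == "530":
                    findings[-1]["accepted"] = False
    return findings

SAMPLE_CAPTURE = [  # constructed
    ("S", b"220 ftp.example.test ready\r\n"),
    ("C", b"USER web"),          # command split across two segments
    ("C", b"master\r\n"),
    ("S", b"331 Password required\r\n"),
    ("C", b"pass hunter2-constructed\r\n"),
    ("S", b"230 Login successful\r\n"),
]

if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_CAPTURE):
        print(finding)
```

Any finding at all means the credential crossed the network unencrypted and should be treated as exposed; an SFTP session yields none, because the login happens inside the encrypted SSH channel.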

"Are you kidding me? How can I solve this problem? "

Don’t panic! Help is on the way…

The solution is actually much easier than you are imagining. It is called SFTP, which stands for "SSH File Transfer Protocol" and is essentially just FTP over SSH using strong encryption. At this point, some advanced readers may be thinking of using SCP over SSL (same result, but different configuration); but for the sake of simplicity, I am going to keep this article limited to SFTP, as it is the configuration I prefer (you are encouraged, however, to follow the links I provided to explore other ways of doing this).

"Ok, so what is this going to cost me and how much hair am I going to pull out?"

Well, you’re in luck! There are quite a few SSH/SFTP clients available and the two I am going to introduce you to are FREE. Yep, that’s right... free. A couple of very nice examples:

PuTTY: This application is well documented and popular. There is even a version that can be used on Symbian, but I believe it is over-hyped... your mileage may vary.

Tunnelier: My personal favorite, and I think many will agree with me that this client is more intuitive, robust, and functional, with a very well designed GUI.

Bitvise’s Tunnelier SFTP Client includes the standard features (Explorer-type interface, etc.) you would expect from a good FTP solution, but it also adds strong encryption using PGP-style key pairs. Yes, this means you will have to generate the keys you will be using. However, this tool generates them auto-magically during the setup process. At most, this might add a couple more minutes to the setup... a small price to pay when securing your confidential data.

I really like this client as it allows me to open both the terminal console and the SFTP client at the same time. Even better is the fact that Tunnelier supports having multiple instances of the program open simultaneously (handy if you are working on more than one site at a time…).

It really is pretty easy to set up and use. However, if you should have questions or points of discussion, I think you know where to find me. If I do not know the answer or solution, I should at least be able to point you in the direction of a suitable answer. And of course, please be sure to point out any flaws in this tip. :)

Ref: http://www.bitvise.com/tunnelier.html

Ref: http://www.chiark.greenend.org.uk/~sgtatham/putty/

BTW, when I get a bit more time to spare, I will probably add to this with a pictorial for setting up an SSH client and SFTP.

NOTE: I would mention that SSH access is required in order to use SFTP or to implement most security protocols. If you have a freebie or virtual site, it is unlikely that you have that access. You can try to ask for access from these types of providers, but it is unlikely that the access will be available to you. To be blunt: if you are really concerned about the security of your site and the data stored there, I would suggest finding a real provider.

HTH