FTP (File Transfer Protocol) is the de-facto but unsecure method to transfer files. SSH (Secure Shell) and its family of services like SCP (Secure Copy) and SFTP (Secure FTP) allows you shell (telnet like) access as well as file transfer via SCP and SFTP, securely. By “securely” I mean the data is that flows across is encrypted including the username and password. SSH is a popular protocol for shell access and file transfer in the Linux world.
So given a choice, SCP/SFTP is a better option in terms of “security”. But enabling SFTP/SCP enables, by default, shell access too. Recently for one of my clients, the requirement was to use SCP instead of FTP while blocking shell access so that no user is able to login, in curiosity, nor could execute any program/script on the server, even by mistake. All they could do is to copy files across – from their desktop to the server and vice versa. But, I could not find anything in SSH configuration that barred SSH, while still allowing SCP. Read the rest of this entry »