Still using FTP? Why?

I’ve long since switched over to SSH and SFTP on all of my development servers. I don’t think much of it, since it’s really so easy to do even on Windows, but SSH and SFTP recently helped me solve a problem that was driving me up the wall. So, I figured, why not do a bit of advocacy?

For those of you living entirely in a third-world country, SSH is secure shell, and can be thought of as a cryptographically-secure form of telnet. SFTP is a file-transfer protocol built on top of SSH. There are several Windows installers for the daemon/service, but be wary that you are probably only going to be able to run one of them. The free ones are all built on Cygwin, which is notoriously fascist about DLL versions. If you want to try more than one, you’ll need to uninstall each before moving on to the next. All of the packaged installers are dead simple.

There is one crucial thing I would recommend when you do your install: if your server faces the Internet, do not use the default port of 22. Bot networks, especially Chinese, now scan for SSH servers, just like they scan for FTP servers and SMTP servers and proxy servers, etc. Leaving SSH on the default port is just like asking to be hammered on by zombies all day trying to get in. Trust me on this, I have personal experience with it. Pick some random high port and change the config file (normally {installdir}/etc/sshd_config) to use it instead. Yes, it’ll be a real pain when you can’t remember what port you chose, but it’ll save you hours of annoyance in the long run. Should you decide to go the high road and try to log and report all of the zombies that bang on your door, I wish you good luck. Nutjob.

Your next step would be to set up your editing software to use SFTP instead of regular FTP. Wayne Graham has a great tutorial on how to do this for CFEclipse. Adobe has official tech notes on how to do it for Dreamweaver. If you are using HomeSite or something else that doesn’t support SFTP natively, you’ll have to come up with something more creative, like maybe SftpDrive. I don’t think there’s a way to mount an SSH server as a Mac drive, but do correct me if I’m wrong.

Now on to the interesting part of all of this. If you thought FXP was pretty cool, wait until I tell you about SSH tunneling. With every SSH server you run, you get a SOCKS5 proxy server for free! With the correct configuration in apps that support SOCKS5, you can connect to your SSH server and use it as your link to the outside world. If your app doesn’t support SOCKS5, you can still tunnel specific ports.

SSH tunneling recently solved a problem I was having with my (personal) web host. They have an over-aggressive firewall on their FTP service that occasionally blocks the subnet I come from when I’m at work. Thus, I can’t do things like upload photos from work. From home, however, everything is fine. Enter the SSH tunnel. I use the aptly titled SSH Tunnel from rs4u Consulting. Configuration is straightforward:

SSH Tunnel Connection Window

SSH Tunnel Configuration Window

I was able to set my FTP client to use the SOCKS5 proxy provided by SSH tunnel. From there on, everything just works.

SSH Tunnel across the intarnets
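An added example, not part of the original post: a small Python check over sshd_config text that reports which port(s) the server listens on (the default-port advice above) and whether it permits the TCP forwarding that the SOCKS5 tunnel depends on. The sample config, the function names and port 48222 are constructed for illustration; the check reads only the global section and ignores ListenAddress and Match overrides.

```python
import re

# Constructed sample config for illustration; not taken from a real server.
SAMPLE_CONFIG = """\
#Port 22
Port 48222
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding no
"""

# Keyword, then whitespace and/or a single "=", then the argument.
LINE = re.compile(r"([A-Za-z0-9]+)\s*=?\s*(.*)$")

def parse_global(text):
    """Collect {keyword: [values]} from the global section (before any Match)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # per-user/per-host overrides are out of scope here
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    cfg = parse_global(text)
    # Port may be given several times; sshd listens on all of them (default 22).
    ports = [int(p) for p in cfg.get("port", [])] or [22]
    # For other keywords the first value wins; forwarding defaults to "yes".
    forwarding = cfg.get("allowtcpforwarding", ["yes"])[0].lower()
    findings = []
    if 22 in ports:
        findings.append("listening on default port 22")
    if forwarding in ("yes", "all", "local"):
        findings.append("TCP forwarding allowed: logged-in accounts can relay connections")
    return {"ports": ports, "forwarding": forwarding, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Run it against the text of your own {installdir}/etc/sshd_config to confirm the port change took effect and to see whether tunneling is open to every account on the box.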

Published by

Rick Osborne

I am a web geek who has been doing this sort of thing entirely too long. I rant, I muse, I whine. That is, I am not at all atypical for my breed.