SFTP
Definition
SFTP (SSH File Transfer Protocol) is a secure file transfer protocol that operates over the SSH (Secure Shell) protocol. It provides a secure channel for transferring files between a client and a server, ensuring data confidentiality and integrity through encryption. Unlike FTP, SFTP encrypts both commands and data, preventing sensitive information from being transmitted in plaintext.
Secure Settings Example
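# Example of a secure SFTP server configuration in OpenSSH (sshd_config)
Match User sftpuser
    # The chroot path and all of its parent directories must be owned by root
    # and not writable by any other user or group, or sshd refuses the login.
    ChrootDirectory /var/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
    PasswordAuthentication no
    PubkeyAuthentication yes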
Insecure Settings Example
# Example of an insecure SFTP server configuration
Match User sftpuser
    ChrootDirectory /var/sftp/%u
    ForceCommand internal-sftp
    # Insecure: allows port forwarding
    AllowTcpForwarding yes
    # Insecure: allows X11 forwarding
    X11Forwarding yes
    # Insecure: allows password-based authentication
    PasswordAuthentication yes
    # Insecure: disables public key authentication
    PubkeyAuthentication no
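The difference between the two Match blocks above can be checked mechanically. The following is an added example, not part of the original page or of OpenSSH: a small Python auditor that reads sshd_config text and reports where the block for a user departs from the secure settings. The function names `match_block` and `audit` and the sample strings are assumptions made for illustration.

```python
import re

# Values the page's secure example sets for the SFTP-only account.
EXPECTED = {
    "forcecommand": "internal-sftp", "allowtcpforwarding": "no",
    "x11forwarding": "no", "permittunnel": "no",
    "passwordauthentication": "no", "pubkeyauthentication": "yes",
}

def match_block(config_text, user):
    """Collect {keyword: value} from every 'Match User <user>' block."""
    # Assumption: only the exact form 'Match User name' is handled, no patterns.
    settings, in_block = {}, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop own-line and trailing comments
        if not line:
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit = value.split()
            in_block = len(crit) == 2 and crit[0].lower() == "user" and crit[1] == user
        elif in_block:
            settings.setdefault(key, value)  # sshd keeps the first value it obtains
    return settings

def audit(config_text, user):
    """Return findings where the user's Match block departs from EXPECTED."""
    got, findings = match_block(config_text, user), []
    for key, want in EXPECTED.items():
        have = got.get(key)
        if have is None:
            findings.append(f"{key}: not set in Match block, global value or default applies")
        elif have.lower() != want:
            findings.append(f"{key}: {have!r}, expected {want!r}")
    if "chrootdirectory" not in got:
        findings.append("chrootdirectory: not set, account is not confined")
    return findings

# Constructed inputs: the page's secure and insecure Match blocks.
COMMON = "Match User sftpuser\nChrootDirectory /var/sftp/%u\nForceCommand internal-sftp\n"
SECURE = COMMON + ("AllowTcpForwarding no\nX11Forwarding no\nPermitTunnel no\n"
                   "PasswordAuthentication no\nPubkeyAuthentication yes\n")
INSECURE = COMMON + ("AllowTcpForwarding yes # Insecure\nX11Forwarding yes\n"
                     "PasswordAuthentication yes\nPubkeyAuthentication no\n")

if __name__ == "__main__":
    for name, text in (("secure", SECURE), ("insecure", INSECURE)):
        print(name, audit(text, "sftpuser") or "no findings")
```

On a live server, `sshd -T -C user=sftpuser` prints the settings sshd itself resolves for that account, including global values and defaults that this text-only check does not see.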