On 4-Aug-08, at 05:54 , Faramir wrote:
Wait... it seems I have been very wrong about the subject... does it
means I don't need to install certificates to enable sftp? I know this
is turning off-topic, so, can you please give some source of info to
learn how to make sftp work? I already searched in wikipedia, and
found
sftp can stand for "ftp over ssh" or "SSH file transfer protocol", and
that those are 2 different concepts...
The confusion is between SSL (Secure Socket Layers), which provides
the security in https protocol and can provide security in FTP over
SSL, and SSH (Secure SHell), which provides the security for scp, sftp
(ftp over SSH or SSH file transfer protocol).
SSL depends on a hierarchical certificate trust system (X-509) where
the certificates are certified by a "root" Certificate Authority (CA)
such as Verisign or Deutsche Telekom or Staat De Nederlanden.
This provides a lucrative business for selling trust.
SSH, on the other hand, is closer to the PGP/GPG web of trust. It uses
keys generated by the SSH server and your client to verify each other
after you have been authenticated to the server in another manner
(most often passwords, but even can be GPG or X509). SSH allows
tunnelling of other network protocols over the basic SSH connection.
One of those tunnelled protocols is FTP and SSH has the ability to
facilitate this.
But all of these protocols encrypt the transmission, not the actual
data files being transmitted. This is where gnupg comes in.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
