I still see people using ftp or telnet for work instead of sftp and ssh. Is it true that using ftp or telnet can let people see the password quite easily? Who can actually see it?

Update: for example, if I am not using Wireless... which I heard can be breakable if it is WEP when 1GB traffic is sent or received ... so if not using Wireless, and I am using either DSL, Cable Internet like Comcast, or AT&T's U-verse's fiber optics, then who can read it? Can my neighbor, or joe at the data center at a nearby company or university read it? Or joe at a big hosting company or data center that happens to be somewhere between California and Chicago if I am ftp'ing from California to Chicago?

Update 2: so maybe it is good to alias ftp='echo use sftp!!' on the bash too

+2  A: 

Both ftp and telnet are unencrypted. That means that anyone who can capture your internet traffic (e.g. your ISP, hosting provider, maybe government) can read your password in plain text every time you log in. Ssh and sftp/scp will encrypt your password and no one should be able to read it.

lhahne
+2  A: 

To answer briefly, anyone on the path of the packets from your PC to the server. In some cases (insecure networks, wireless networks, and so on) many more persons. That's because the password will travel in plain text.

You can see more about packet sniffing at http://en.wikipedia.org/wiki/Packet_capture. Also check http://en.wikipedia.org/wiki/File_Transfer_Protocol#Security_problems

MartinodF
+1  A: 

Yes, by using a simple packet sniffer, such as Wireshark, it is possible to read the plaintext passwords used by telnet and ftp. Try using this tool while initializing an ftp or telnet session and you'll see how non-secure these mechanisms are.

As tagged with this post, ssh and sftp are more secure alternatives as they encrypt the data as it moves across the wire. And, as always, never use these sorts of tools for evil!

Kevin Pullin
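
An added example, not part of any answer on this page: a defender-side audit of captured FTP control-channel bytes, showing that the login is plain ASCII to whoever holds the capture. The sample streams and the name `audit_ftp_control` are constructed for illustration; the function reports the username and the password length, not the password itself.

```python
import re

# Constructed client-to-server bytes of an FTP control connection (RFC 959):
# every command is an ASCII line ending in CRLF, sent with no encryption.
SAMPLE_FTP = (b"USER alice\r\n"
              b"PASS s3cret-example\r\n"
              b"CWD /reports\r\n"
              b"QUIT\r\n")

# Constructed stream where the client asks for TLS first (RFC 4217).
# What follows AUTH TLS is handshake/ciphertext, shown here as opaque bytes.
SAMPLE_FTPS = b"AUTH TLS\r\n" + bytes([0x16, 0x03, 0x03, 0x00, 0x2A, 0x8F, 0x1C])

# FTP command verbs are case-insensitive.
LOGIN_CMD = re.compile(rb"^(USER|PASS) +(.*)$", re.IGNORECASE)


def audit_ftp_control(stream: bytes) -> list[dict]:
    """Return one finding per cleartext PASS command seen in the stream."""
    findings = []
    user = None
    for line in stream.split(b"\r\n"):
        if line.upper().startswith(b"AUTH TLS"):
            break  # the rest of the connection is encrypted; nothing to read
        m = LOGIN_CMD.match(line)
        if not m:
            continue
        verb, arg = m.group(1).upper(), m.group(2)
        if verb == b"USER":
            user = arg.decode("ascii", "replace")
        else:
            # Record that a password crossed the wire in the clear,
            # keeping only its length so the report holds no secret.
            findings.append({"user": user, "password_length": len(arg)})
            user = None
    return findings


if __name__ == "__main__":
    print("plain FTP :", audit_ftp_control(SAMPLE_FTP))
    print("AUTH TLS  :", audit_ftp_control(SAMPLE_FTPS))
```
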
+1  A: 

Anyone with a sniffer can see it. Use the secure equivalents, i.e. SFTP and SSH, instead. They are protected with strong encryption and everything will be encrypted.

sybreon
Thanks. Please see update if possible.
動靜能量