
Technical Notes

The Relationship Between File Transfer, SSH, SCP2 (scp), and SFTP
Technical Note 1918
Last Reviewed 28-Feb-2005
Applies To
Reflection Windows-based Products version 11.0 through 14.x (excluding Reflection NFS Client)
Reflection for Secure IT version 6.0 or higher
F-Secure SSH Products for Windows
F-Secure SSH Products for UNIX
Summary

This technical note explains how the SCP2 (scp) and SFTP file transfer utilities interact with SSH to provide secure authentication and file access.

Note: Beginning with version 6.0, the F-Secure SSH product line has a new name: Reflection for Secure IT.

A Brief Introduction to SSH

SSH is a computer program based on the SSH protocol. SSH provides strong, encrypted authentication and a secure encrypted tunnel through which users can execute commands and move data.

The file transfer capabilities of SSH are performed by native utilities that ensure files are sent through the secure, encrypted SSH tunnel. These file transfer utilities are provided with most SSH products, including Reflection, Reflection for Secure IT, and F-Secure SSH.

For more information about SSH, see the white paper, Fortified SSH: A Cost-Effective Way to Safeguard Your Network, on Attachmate.com: http://www.attachmate.com/WhitePapers/Literature_0954.htm.

Secure File Transfer Utilities

The version of SSH you are running determines which file transfer protocols and utilities are available:

| Version of SSH | File Transfer Protocol | File Transfer Client Utility |
|---|---|---|
| SSH2 | SFTP | scp2* and sftp |
| SSH1 (deprecated) | SCP1 (deprecated) | scp, scp1 (deprecated) |

*Scp2 is sometimes referred to as scp; however, it is different from SSH1 scp.

SSH1 and SSH2—Before deciding to use SSH1 or SSH2, note the following.

  • The SSH1 protocol is deprecated; therefore, it is highly recommended that you use SSH2.
  • SSH1 and SSH2 are incompatible; however, most vendors do provide utilities that work with either version of SSH.
  • There are different implementations of scp: those based on OpenSSH use the RCP protocol, and those based on SSH.com use the SFTP protocol.

Due to these scp implementation differences, versions prior to 13.0.4 of the Reflection client or version 6.1 of the Reflection for Secure IT client for Windows cannot connect to a Reflection or F-Secure SSH Windows Server using an OpenSSH-based scp client (including Reflection scp) or an scp2 client in SSH1 compatibility mode.

However, you can connect:

    • to an OpenSSH server using the Reflection for Secure IT or F-Secure SSH scp2 client.
    • to a Reflection for Secure IT SSH UNIX Server version 6.x or higher.
    • from an OpenSSH client to the Reflection for Secure IT SSH Windows Server version 7.0.

SFTP and FTP—The file transfer protocol SFTP is not a 'secure version' of the standard FTP protocol. It is a completely different file transfer protocol. You cannot connect to an FTP server using SFTP or to an SFTP server using FTP.

scp2 and sftp—Both scp2 and sftp provide secure encrypted authentication and data transfer over SSH2.

How scp2 Works

Scp2 is a command line utility. It is particularly useful when automating tasks such as batch file transfers because it allows you to intersperse scp commands with programmatic logic in a UNIX script or Windows .bat file.

When an scp command is issued: 1) scp2 initiates the SSH tunnel, 2) performs encrypted host and user authentication, 3) creates the SSH tunnel, 4) starts the host SSH daemon's sftp-server sub-system (the file transfer server), 5) runs the scp file copy command (which uses sftp), and 6) then closes the SSH tunnel.

A new SSH tunnel is created and shut down for each scp command issued.
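
The following UNIX script sketch shows scp commands interspersed with programmatic logic, with one SSH tunnel opened and closed per file. It is an added example, not code from this technical note or from the products it covers. Assumptions: the SCP variable names the scp or scp2 client on the PATH, the destination is a user@host:/dir/ target, non-interactive (key-based) authentication is already configured, and the upload_batch function and the sent directory are hypothetical names.

```shell
#!/bin/sh
# Added example: batch upload where every file is a separate scp command,
# so the tunnel is authenticated, used and closed once per file.
# Assumption: SCP is the scp/scp2 client to run (override for testing).
SCP="${SCP:-scp}"

# upload_batch DEST FILE...
# Moves a source file to ./sent only after its scp command exits 0.
# Returns the number of files that were not transferred.
upload_batch() {
    dest=$1; shift
    failed=0
    mkdir -p sent || return 255
    for f in "$@"; do
        # Prefix relative names with ./ so a name that starts with "-" is
        # not parsed as an option and a name containing ":" is not parsed
        # as host:path by the scp client.
        case $f in
            /*|./*) ;;
            *) f=./$f ;;
        esac
        if [ ! -f "$f" ]; then
            echo "skip: $f is not a regular file" >&2
            failed=$((failed + 1))
            continue
        fi
        # One scp command: authenticate, start sftp-server, copy, close.
        if "$SCP" "$f" "$dest"; then
            mv -- "$f" sent/
        else
            echo "FAILED (exit $?): $f" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}
```

Because each file pays the full authentication cost, checking the exit status per command is what lets the script leave failed files in place for a later retry.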

How sftp Works

Sftp provides a user interface with features similar to command line FTP (but with fewer capabilities). It does not provide support for programmatic logic within the sftp client application command stream.

Starting sftp 1) opens the sftp command line interface, 2) initiates the SSH tunnel, 3) performs encrypted host and user authentication, 4) creates the SSH tunnel, 5) starts the host SSH daemon's sftp-server sub-system (the file transfer server), and 6) then waits for sftp commands.

The SSH tunnel remains open until the bye command is issued, allowing multiple sftp commands to be issued before it is closed.

Related Technical Notes
1900 F-Secure SSH Technical Notes
1999 Reflection for Secure IT Technical Notes
2172 Securely Transferring Files using Reflection, EXTRA! or INFOConnect
