Is it safe to send SFTP username and password?

Question

Is it safe to send SFTP username and password?

If you are logging into the sftp server, is the username and password safe?

Or do you need certificate-based authentication to encrypt the entire transfer?

If it depends on the client, do you know if Tumbleweed and WinSCP can configure the username and password to be sent securely?

+3

sftp

xiatica May 07 '12 at 6:23

source share

3 answers

SFTP SSH, , (, ?). , . , .

+4

Nickoli Roussakov 07 '12 6:31

SFTP . , , . , , ( ).

, , SFTP. 99% SSH ( 22), . , SFTP ( WinSCP) - , SSH.

Strictly speaking, even SSH can be configured without encryption or with a lower level of encryption. Although in most cases it is safe. Again, most SSH clients (specifically WinSCP) and servers do not allow SSH to be installed without encryption.

+2

Martin Prikryl Apr 4 '13 at 6:59

source share

Eugene Mayevski 'Allied Bits · Accepted Answer · 2012-05-07T09:44:54+0000

Depends on what you mean by SFTP. For "real" SFTP, which means authentication of the SSH File Transfer protocol, is performed at the SSH level and is protected. Some people use "SFTP" as a synonym for FTP-over-TLS, and in this case it depends - in most cases the command channel is encrypted before the username and password are sent (this is only true for SSL / TLS-protected connection, not plain FTP!), but it can authenticate in clear text (for example, for debugging purposes).

Is it safe to send SFTP username and password?

More articles: