Secure File Transfers

Overview

From a security perspective, the Internet is a hostile environment. In the absence of special precautions, it is prudent to expect that data transmissions can be monitored and possibly altered by third parties.

To transfer files safely across the Internet, we recommend the use of SCP or SFTP. Both tools are based on version 2 of the SSH protocol, which provides a communication method that is resistant to both eavesdropping and active attack.

SCP is a secure version of the Unix RCP (Remote CoPy) command-line tool. It is appropriate for simple single-file or single-batch transfers, and it is easily incorporated into automated scripts.
SFTP is a secure version of the familiar FTP command. It is appropriate for interactive transfers of files and directories.

There is no difference in the security strength of SCP and SFTP at the protocol level, assuming SSH version 2 is employed.

Client software

SCP/SFTP clients are available for a variety of platforms.

For Windows, Stanford has volume licenses for SecureCRT and SecureFX. SecureCRT is a terminal emulation program for the SSH protocol, and comes with an SCP-compatible client called VCP. SecureFX is a graphical Explorer-like program compatible with SFTP. Both packages are available from the Essential Stanford Software web site.

OpenSSH (which includes both SCP and SFTP) is available for most flavors of Unix and comes preinstalled on most of them.

MacOS X comes with OpenSSH preinstalled, and Stanford also provides LelandSSH to assist MacOS users in establishing SSH sessions.

Caveats

The original SSH protocol 1 has a number of serious flaws which could lead to a connection being intercepted. All up-to-date implementations of the SSH server support protocol 2, and the FarmShare systems will not accept connections with the older protocol.

The security of the SSH protocol ultimately depends upon trusting the validity of both the client's and the server's credentials. It is therefore vitally important for the user to verify that the server they are trying to contact has a public key that is correct and trusted. The host key fingerprint for the FarmShare cluster machines can be found in the FarmShare User Guide.
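The check described above, as an added example that is not part of the original page or the FarmShare guide: it recomputes the fingerprint of the public key a server offers and compares it with the published value, in both the SHA256 form and the older MD5 form. The host name, key bytes and "published" fingerprint are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def make_sample_line(host, key_bytes):
    """CONSTRUCTED known_hosts-style line for an ssh-ed25519 key (not a real host key)."""
    ktype = b"ssh-ed25519"
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (ktype, key_bytes))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def parse_host_line(line):
    """Return (host, key_type, blob); reject a blob that disagrees with the declared type."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside blob does not match declared type")
    return host, key_type, blob


def fingerprint(blob, algo="sha256"):
    """Fingerprint of the raw key blob, in the textual form OpenSSH prints."""
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if algo == "md5":  # legacy form, still found in older published guides
        hexd = hashlib.md5(blob).hexdigest()
        return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, 32, 2))
    raise ValueError("unsupported algorithm")


def matches_published(line, published):
    """True only if the key the server offered hashes to the published fingerprint."""
    blob = parse_host_line(line)[2]
    if published.startswith("SHA256:"):
        return hmac.compare_digest(fingerprint(blob, "sha256"), published)
    bare = published[4:] if published.startswith("MD5:") else published
    return hmac.compare_digest(fingerprint(blob, "md5"), "MD5:" + bare.lower())


if __name__ == "__main__":
    host = "host.example.edu"  # placeholder name, not a FarmShare machine
    genuine = make_sample_line(host, bytes(range(32)))
    impostor = make_sample_line(host, bytes(32))  # different key, same host name
    published = fingerprint(parse_host_line(genuine)[2])  # stands in for the guide's value
    print("genuine :", matches_published(genuine, published))
    print("impostor:", matches_published(impostor, published))
```

On a real system, `ssh-keygen -lf` run on a host's public key file prints the same SHA256 form for comparison with the published fingerprint.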

Last modified: 06/03/2014 04:29:33 PM