04-24-2008, 04:43 PM
ThreeStar
Re: Scripted FTP transfer

On Apr 22, 8:06 am, Nico Kadel-Garcia <nka...@gmail.com> wrote:
> ThreeStar wrote:
> > Sounds like a problem with the command file (/tmp/ftp.$$). Post
> > that. From the "Not connected" errors I'm guessing it's a problem
> > with establishing user credentials. Are you able to FTP interactively
> > to the host from this box?
> >
> > BTW if this script is designed to run in a particular context I'd
> > use .netrc files to contain the user name and password instead of
> > echoing them in the script. It's somewhat more secure, makes the
> > password easier to change, and simplifies your script.
> >
> > Better yet is SCP, but you didn't ask about that.
> >
> > R Robert
> > *** Software
>
> SCP is *AWFUL* for this sort of thing. It mishandles symlinks, and SCP or SFTP
> access provides user access to the rest of the server's file system, with the
> user's normal privileges. That presents a real security issue.
>
> I'm a big proponent of WebDAV over HTTPS for just this sort of thing, and for
> rsync over SSH with a restricted validation script as needed.


AFAIK the only issue is that SCP copies symbolic links as files, which
isn't necessarily a bad thing.

I assume one would use SCP keys only for a user with restricted
permissions. So it doesn't necessarily follow that SCP exposes the
whole server.

Better security is better, even if it's not the best security
(whatever that means). SCP fits the simple scenario the poster laid
out, and avoids sending login credentials over the Internet in clear
text like FTP does. WebDAV and the other proposed solutions may be
better yet, although we don't know enough about the poster's equipment
or requirements or abilities to say for sure.

--RLR
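The restricted-key idea discussed in this post, as an added example that is not part of the original thread: the decision logic of a wrapper that a transfer-only key could be tied to through the command="..." option in authorized_keys. It assumes the legacy scp protocol, where the server side is started as "scp -t <path>"; the directory /srv/upload and the function name are hypothetical, and the sample requests are constructed.

```shell
#!/bin/sh
# Added example: validation for an SSH forced-command wrapper.
# UPLOAD_DIR is a hypothetical drop directory chosen for this illustration.
UPLOAD_DIR="/srv/upload"

# Return 0 only if the requested command is a plain single-path scp upload
# ("scp -t <path>", the sink mode scp runs on the receiving host) whose
# target stays inside UPLOAD_DIR. Everything else is refused, including
# downloads ("scp -f"), interactive logins (empty request) and extra flags.
check_scp_upload() {
    cmd=$1
    case $cmd in
        "scp -t "*) target=${cmd#"scp -t "} ;;
        *) return 1 ;;
    esac
    # One argument made of safe characters only: no spaces, quotes,
    # shell metacharacters, and no leading dash (which would be an option).
    case $target in
        ""|-*|*[!A-Za-z0-9./_-]*) return 1 ;;
    esac
    # Refuse parent-directory components anywhere in the path.
    case "/$target/" in
        */../*) return 1 ;;
    esac
    # This is a string check only; symlinks inside UPLOAD_DIR are not
    # resolved, so the account itself should still have restricted permissions.
    case $target in
        "$UPLOAD_DIR"|"$UPLOAD_DIR"/*) return 0 ;;
    esac
    return 1
}

# Constructed sample requests, as sshd would pass them in SSH_ORIGINAL_COMMAND.
for sample in "scp -t /srv/upload/report.csv" \
              "scp -t /srv/upload/../../etc/passwd" \
              "scp -f /home/user/notes.txt" \
              "scp -t /srv/upload/a;id" \
              "scp -t /srv/uploads/other"; do
    if check_scp_upload "$sample"; then verdict=allow; else verdict=deny; fi
    printf '%-5s %s\n' "$verdict" "$sample"
done
```

A real wrapper would call check_scp_upload "$SSH_ORIGINAL_COMMAND" and run the request only on success, logging the refused ones.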