Secure Computing: Secure File Transfers
Overview
From a security perspective, the Internet is a hostile environment. In the absence of special precautions, it is prudent to expect that data transmissions can be monitored and possibly altered by third parties
In order to safely transfer files across the Internet we recommend the use of SCP or SFTP, tools based on version 2 of the SSH protocol which provides a communication method that is resistant to both eavesdropping and active attack.
SCP is a secure version of the Unix RCP (Remote CoPy) command-line tool. It is appropriate for simple single-file or single-batch transfers, and it is easily incorporated into automated scripts.
SFTP is a secure version of the familiar FTP command. It is appropriate for interactive transfers of files and directories.
There is no difference in the security strength of SCP and SFTP at the protocol level, assuming SSH version 2 is employed. (See caveat regarding SCP and protocol 1.)
Client software
SCP/SFTP clients are available for a variety of platforms.
For Windows, Stanford has volume licenses for SecureCRT and SecureFX. SecureCRT is a terminal emulation program for the SSH protocol, and comes with an SCP-compatible client called VCP. SecureFX is a graphical Explorer-like program compatible with SFTP. Both packages are available from the Essential Stanford Software web site.
OpenSSH (which includes both SCP and SFTP) is available for most flavors of Unix and comes pre installed in many of them, including Stanford's SULinux.
MacOS X comes with OpenSSH pre installed.
A low-cost client for older versions of MacOS is MacSFTP. We recommend avoiding the free NiftyTelnet client because of its dependence on SSH protocol 1 (see caveat below).
Caveats
The original SSH protocol 1 has a number of serious flaws which could lead to a connection being intercepted. All up-to-date implementations of the SSH server support protocol 2, so it would be wise to avoid the use of protocol 1 altogether. Since most SCP (and some SFTP) clients still support protocol 1 for purposes of backward compatibility, users should take special care to ensure that they use only protocol 2.
Unfortunately, the difference between the two protocols is not visible to the user in normal operation. To be certain, follow the instructions for configuring clients for protocol 2.
The security of the SSH protocol ultimately depends upon trusting the validity of both the client's and the server's credentials. It is therefore vitally important for the user to verify that the server they are trying to contact has a public key that is correct and trusted. The Leland Systems Group provides a list of host keys for the public cluster machines in the "Known Hosts Keys" section of their Using SSH page.