OpenSSH and FXP setting

dwoods99 · 06-27-2008, 04:35 PM

I already have an OpenSSH server configured and running well.
I have also implemented a chroot jail. No problems there.

My problem is that someone is asking me to allow server-to-server
transfers with the FXP 'protocol' used by FTP clients such as FlashFXP on Windows.
Their reasoning is that SFTP is not transferring as fast as using the FXP option.

I will only allow changes to be made as long as SSL/TLS is still used.
Is there something in the OpenSSH settings that will allow FXP to be enabled?
I can't find anything so it seems that I may need to install Pure-FTPD and restrict user IP addresses.

I did see that you are working on SFTP in the Beta version, will this help my cause?
I also saw instructions in FAQ for Pro-ftpd and wu-ftpd, but I'd rather keep OpenSSH for FTP purposes, if at all possible.

Any suggestions appreciated.

MxxCon · 06-27-2008, 09:09 PM

fxp transfers are impossible with ssh/sftp protocol.
fxp transfers is a feature of only ftp protocol.

ssl/tls is not the same thing as ssh.

dwoods99 · 06-28-2008, 01:50 PM

As for file size, we're talking 4-12 GB files/directories.

One thing I still don't "get" is that FXP is supposed to make server-2-server transfers faster, that's fine but I can't see how
local_PC-2-server will go any faster because of FXP compared to sftp with multi-threading.

Does anyone think that using Pro-ftpd or Pure-ftpd with FXP enabled will be any faster than SFTP for
transfering from user's local PC to a Linux server, using FlashFXP on the user PC?

bigstar · 06-28-2008, 04:19 PM

sftp is not designed for fast file transfers, its designed for security. With that in mind sftp is extremely slow when it comes bulk data transfers and ftp is much better suited for this.

sftp is for upload and download and is not compatible with site to site transfers, it was added because many web hosting providers are cutting off ftp access in favor of sftp. even though with a proper configuration ftp ssl/tls can be secured very well, the problem is that it isn't as easy to configure and sometimes a nightmare on virtual host setups.

I'm not entirely sure what you're trying to do but in my opinion ftp is the way to go unless you're forced to use sftp for some reason.

dwoods99 · 06-28-2008, 04:42 PM

Your points are quite valid.
I admit to being out of the admin and security side of servers for a few years now, however
there was too many security concerns and holes in so many various FTP programs that
a secure version was simply necessary... and I prefer to not use anything else even today.

That said, for the small number of users I need to satisfy, I believe I will setup Pro-ftpd or
Pure-ftpd with FXP enabled but restrict the valid IP addresses that can access the server.
I will attempt to still get it working within the chroot'ed jail that I have setup now for sftp users.

Paranoia takes less time to deal with than fixing hack attacks or actual break-in

MxxCon · 06-28-2008, 10:42 PM

Quote:

Originally Posted by dwoods99

One thing I still don't "get" is that FXP is supposed to make server-2-server transfers faster, that's fine but I can't see how
local_PC-2-server will go any faster because of FXP compared to sftp with multi-threading.

FXP transfer allow to transfer files directly between 2 servers.
If SERVER A has 100mbit connection, SERVER B has 100mbit connection but CLIENT has only 56k connection, FXP transfer will still go at full 100mbit.
data is being sent between 2 server directly bypassing client's (slow) connection.

in addition to pureftpd and proftpd, read http://vsftpd.beasts.org/