By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,647 Members | 1,178 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,647 IT Pros & Developers. It's quick & easy.

SFTP Information, technical, white paper etc.

P: n/a
Hi...
I'm looking for some information, technical, white paper - whatever - on how
SFTP works.
I need to add SFTP capabilities into an app's present FTP capabilities.
I'm not really looking for a 3rd party solution, like a plug in.
Would prefer to write the code in C++ or C#.
Just haven't found much technical information on the topic.

Thanks in advance for any suggestions, leads in the right direction.

Cheers...

--
Gus M. Creces
The Clarion Handy Tools Page
http://news.cwhandy.ca
gc*****@sympatico.ca


Jul 21 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
"Gus M. Creces" <gc*****@sympatico.ca> wrote in
news:OR**************@TK2MSFTNGP10.phx.gbl:
I'm looking for some information, technical, white paper - whatever - on
how SFTP works.
I need to add SFTP capabilities into an app's present FTP capabilities.
I'm not really looking for a 3rd party solution, like a plug in.
Would prefer to write the code in C++ or C#.


SFTP is not an easy undertaking. Are you not open to any third party
solutions, even free open source onse?
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"
ELKNews - Get your free copy at http://www.atozedsoftware.com

Jul 21 '05 #2

P: n/a
On Mon, 16 Feb 2004 13:18:19 -0500, Gus M. Creces wrote:
Hi...
I'm looking for some information, technical, white paper - whatever - on how
SFTP works.


I wonder what you mean by SFTP. Most often, it is referring to a file
transfer protocol included with SSH2. If you are referring to that, you
may want to look at http://www.ietf.org/html.charters/secsh-charter.html as
that IETF group has some working drafts describing SSH and the SSH File
Transfer Protocol plus there may be information about it at
http://www.openssh.org/. Another thing that is sometimes called SFTP is
FTP over a SSL connection. There is no formal document describing that
although it was in an old IETF Internet Draft. That's what I call FTP with
implicit SSL. In this, you use the standard FTP protocol over SSL
encryption using a special port (990) and special data channel negotiation
commands are used (PBSZ 0 along with either PROT P for an encrypted data
port or PROT C for an unencrypted data port). This is being depreciated in
favor of FTP with explicit SSL which is described in
(http://www.ietf.org/internet-drafts/...tp-ssl-12.txt).

There also is a protocol called SFTP (Simple File Transfer Protocol) which
is described in RFC 913 (you can get the RFC's in many places). I doubt
that you will see much demand for RFC 913 support.

Indy (http://www.indyproject.org) currently does support FTP with TLS (both
implicit and explicit SSL) using third-party SSL frameworks (the vendor
would make descendant classes for it to work transparantly). I had looked
at adding OpenSSL support to the DotNET version of Indy but I found I
couldn't do this as I got in way over my head. The problem is that I would
have to use the P/Invoke interface as well as some type marshaling (.DLL's
are very particular about such things in DotNET, it can be tricky). Making
this worse is that in OpenSSL, you have .DLL callback routines and you have
to set a procedure to an address of a SSL method located in the .DLL. If
someone can do this in DotNET, we may be able to support FTP with SSL plus
support a number of other SSL protocols.
--
J. Peter Mugaas - Indy Pit Crew
Internet Direct (Indy) Website - http://www.nevrona.com/Indy
Personal Home Page - http://www.wvnet.edu/~oma00215
If I want to do business with you, I will contact you. Otherwise, do not
contact me.
Jul 21 '05 #3

P: n/a
Peter...
I've got FTP over SSL under control.
It's the SSH2 thingy I'm after.
Haven't followed up on your links yet but they look like a good start from a
cursory look-over.
Much obliged for the very detailed response and for clearing up the
definition of "SFTP".

Cheers...

--
Gus M. Creces
The Clarion Handy Tools Page
http://www.cwhandy.ca
http://news.cwhandy.ca
su*****@cwhandy.com
"J. Peter Mugaas" <om******@mail.wvnet.edu> wrote in message
news:1o****************************@40tude.net...
On Mon, 16 Feb 2004 13:18:19 -0500, Gus M. Creces wrote:
Hi...
I'm looking for some information, technical, white paper - whatever - on how SFTP works.
I wonder what you mean by SFTP. Most often, it is referring to a file
transfer protocol included with SSH2. If you are referring to that, you
may want to look at http://www.ietf.org/html.charters/secsh-charter.html

as that IETF group has some working drafts describing SSH and the SSH File
Transfer Protocol plus there may be information about it at
http://www.openssh.org/. Another thing that is sometimes called SFTP is
FTP over a SSL connection. There is no formal document describing that
although it was in an old IETF Internet Draft. That's what I call FTP with implicit SSL. In this, you use the standard FTP protocol over SSL
encryption using a special port (990) and special data channel negotiation
commands are used (PBSZ 0 along with either PROT P for an encrypted data
port or PROT C for an unencrypted data port). This is being depreciated in favor of FTP with explicit SSL which is described in
(http://www.ietf.org/internet-drafts/...tp-ssl-12.txt).

There also is a protocol called SFTP (Simple File Transfer Protocol) which
is described in RFC 913 (you can get the RFC's in many places). I doubt
that you will see much demand for RFC 913 support.

Indy (http://www.indyproject.org) currently does support FTP with TLS (both implicit and explicit SSL) using third-party SSL frameworks (the vendor
would make descendant classes for it to work transparantly). I had looked
at adding OpenSSL support to the DotNET version of Indy but I found I
couldn't do this as I got in way over my head. The problem is that I would have to use the P/Invoke interface as well as some type marshaling (.DLL's
are very particular about such things in DotNET, it can be tricky). Making this worse is that in OpenSSL, you have .DLL callback routines and you have to set a procedure to an address of a SSL method located in the .DLL. If
someone can do this in DotNET, we may be able to support FTP with SSL plus
support a number of other SSL protocols.
--
J. Peter Mugaas - Indy Pit Crew
Internet Direct (Indy) Website - http://www.nevrona.com/Indy
Personal Home Page - http://www.wvnet.edu/~oma00215
If I want to do business with you, I will contact you. Otherwise, do not
contact me.

Jul 21 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.