Using Secure Shell and Secure Copy

By Blane Warrene
We teamed up with SiteGround
To bring you the latest from the web and tried-and-true hosting, recommended for designers and developers. SitePoint Readers Get Up To 65% OFF Now

One way in which web developers and webmaster can further insure secure access to and from their servers is by restricting the use of telnet and where possible ftp.

While ftp can be configured tightly and run under ssl for additional security, it and telnet remain weak points in server security. Alternatives are available.

For starters, by requiring the use of secure shell (ssh) as a replacement to telnet access, user sessions are encrypted and key-based rather than clear text username and password based. SSH is easily available to all platform users with terminals, terminal applications and GUI clients ready-made for Linux, Macintosh and Windows. A majority of *Nix servers have an ssh server installed by default, and telnet can be disabled safely while still insuring access through the command line (terminal) and clients (which the majority support both telnet and ssh).

For Windows-based servers, there are open source ssh servers available, one of the most popular being OpenSSH for Windows (formerly run under the Network Simplicity name). This installs ssh under Cygwin without the need to load a full Cygwin install on a Windows server.

An immediate benefit of using ssh is access to secure copy (scp) and secure ftp (sftp). Both of these offer an encrypted method for transferring files and are full-featured replacements for telnet and ftp.

SSH, scp and sftp can be used from the command line just as users have used telnet and ftp. Some examples are below:



‘ssh -l user’ (for OS X users). If this is your first login, you are prompted to accept and generate an entry in your local known_hosts file, and provide a password, which is transferred securely. You are then available to access all of the same command line functions as in telnet.

SCP – To transfer a file or files from one system to another. For example, if I have an application to upload and install on my server, I could perform the following:

'scp application.tar.gz'

, and I am prompted for a password, and then the file is transferred to my user folder on the server. If I wanted to upload a number of RPM updates for a server, I would insure I am in the directory where the files reside, and send the following –

'scp *.rpm'

, and again the files are transferred securely.

One additional benefit of scp is some minor added compression, which shortens the transfer time.

SFTP – Logging in is the same as ftp on the command line,


, and after answering a password prompt, a secure ftp session is started.

“Passwordless” sessions are available if you setup a key to handle the secure handshake between your system and the server by running ssh-keygen. A good tutorial is found at Fedora News

Clients are available for all platforms such as those listed below.

-Native terminal shells including Bash, CSH (C Shell) and KSH (Korn Shell)
-SSH capable tools, such as gFTP and KDE ftp tools

-Native terminal shells as on Linux
MacSSH and MacSFTP

OpenSSH for Windows (client included)
Putty, a favorite to many Windows users.

We teamed up with SiteGround
To bring you the latest from the web and tried-and-true hosting, recommended for designers and developers. SitePoint Readers Get Up To 65% OFF Now
  • There are a few tricks with scp that most people don’t know about until you really try and beat it hard. For example, if you say have 100 mb/s and you are trying to copy a file from one server to another and you don’t go over a backend network, you will use up your entire 100 mb/s. I see it happen all of the time and unfortunately we have not found a way to slow it down. You can use rsync which has a system to limit the amount of bandwidth used. But the best solution and from a security standpoint all box to box traffic should go over a dedicated backend, and then you can use all of the free bandwidth you want.

    Just my 2 cents….

  • M.Webster

    Ensure correct English usage by consulting a reliable dictionary before publication: the word is “ensure”, not “insure”.