Programmable, secure FTP replacement

StackOverflow https://stackoverflow.com/questions/39070

  •  09-06-2019
  •  | 
  •  

Question

We need to move off traditional FTP for security purposes (it transmits it's passwords unencrypted). I am hearing SSH touted as the obvious alternative. However I have been driving FTP from an ASP.NET program interface to automate my web-site development, which is now quite a highly web-enabled process.

Can anyone recommend a secure way to transfer files around which has a program interface that I can drive from ASP.NET?

Was it helpful?

Solution

the question has three subquestions:

1) choosing the secure transfer protocol

The secure version of old FTP exists - it's called FTP/SSL (plain old FTP over SSL encrypted channel). Maybe you can still use your old deployment infrastructure - just check whether it supports the FTPS or FTP/SSL.

You can check details about FTP, FTP/SSL and SFTP differences at http://www.rebex.net/secure-ftp.net/ page.

2) SFTP or FTP/SSL server for Windows

When you choose whether to use SFTP or FTPS you have to deploy the proper server. For FTP/SSL we use the Gene6 (http://www.g6ftpserver.com/) on several servers without problems. There is plenty of FTP/SSL Windows servers so use whatever you want. The situation is a bit more complicated with SFTP server for Windows - there is only a few working implementations. The Bitvise WinHTTPD looks quite promising (http://www.bitvise.com/winsshd).

3) Internet File Transfer Component for ASP.NET

Last part of the solution is secure file transfer from asp.net. There is several components on the market. I would recommend the Rebex File Transfer Pack - it supports both FTP (and FTP/SSL) and SFTP (SSH File Transfer).

Following code shows how to upload a file to the server via SFTP. The code is taken from our Rebex SFTP tutorial page.

// create client, connect and log in 
Sftp client = new Sftp();
client.Connect(hostname);
client.Login(username, password);

// upload the 'test.zip' file to the current directory at the server 
client.PutFile(@"c:\data\test.zip", "test.zip");

// upload the 'index.html' file to the specified directory at the server 
client.PutFile(@"c:\data\index.html", "/wwwroot/index.html");

// download the 'test.zip' file from the current directory at the server 
client.GetFile("test.zip", @"c:\data\test.zip");

// download the 'index.html' file from the specified directory at the server 
client.GetFile("/wwwroot/index.html", @"c:\data\index.html");

// upload a text using a MemoryStream 
string message = "Hello from Rebex SFTP for .NET!";
byte[] data = System.Text.Encoding.Default.GetBytes(message);
System.IO.MemoryStream ms = new System.IO.MemoryStream(data);
client.PutFile(ms, "message.txt");

Martin

OTHER TIPS

sharpssh implements sending files via scp.

We have used a variation of this solution in the past which uses the SSH Factory for .NET

The traditional secure replacement for FTP is SFTP, but if you have enough control over both endpoints, you might consider rsync instead: it is highly configurable, secure just by telling it to use ssh, and far more efficient for keeping two locations in sync.

G'day,

You might like to look at ProFPD.

Heavily customisable. Based on Apache module structure.

From their web site:

ProFTPD grew out of the desire to have a secure and configurable FTP server, and out of a significant admiration of the Apache web server.

We use our adapted version for large scale transfer of web content. Typically 300,000 updates per day.

HTH

cheers,

Rob

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top