SFTP Information, technical, white paper etc.

[Gus M. Creces]

Hi...
I'm looking for some information, technical, white paper - whatever - on how
SFTP works.
I need to add SFTP capabilities into an app's present FTP capabilities.
I'm not really looking for a 3rd party solution, like a plug in.
Would prefer to write the code in C++ or C#.
Just haven't found much technical information on the topic.

Thanks in advance for any suggestions, leads in the right direction.

Cheers...

 

[Chad Z. Hower aka Kudzu]

I'm looking for some information, technical, white paper - whatever - on
how SFTP works.
I need to add SFTP capabilities into an app's present FTP capabilities.
I'm not really looking for a 3rd party solution, like a plug in.
Would prefer to write the code in C++ or C#.

SFTP is not an easy undertaking. Are you not open to any third party
solutions, even free open source onse?


--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"


ELKNews - Get your free copy at http://www.atozedsoftware.com

 

[J. Peter Mugaas]

Hi...
I'm looking for some information, technical, white paper - whatever - on how
SFTP works.

I wonder what you mean by SFTP. Most often, it is referring to a file
transfer protocol included with SSH2. If you are referring to that, you
may want to look at http://www.ietf.org/html.charters/secsh-charter.html as
that IETF group has some working drafts describing SSH and the SSH File
Transfer Protocol plus there may be information about it at
http://www.openssh.org/. Another thing that is sometimes called SFTP is
FTP over a SSL connection. There is no formal document describing that
although it was in an old IETF Internet Draft. That's what I call FTP with
implicit SSL. In this, you use the standard FTP protocol over SSL
encryption using a special port (990) and special data channel negotiation
commands are used (PBSZ 0 along with either PROT P for an encrypted data
port or PROT C for an unencrypted data port). This is being depreciated in
favor of FTP with explicit SSL which is described in
(http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-12.txt).

There also is a protocol called SFTP (Simple File Transfer Protocol) which
is described in RFC 913 (you can get the RFC's in many places). I doubt
that you will see much demand for RFC 913 support.

Indy (http://www.indyproject.org) currently does support FTP with TLS (both
implicit and explicit SSL) using third-party SSL frameworks (the vendor
would make descendant classes for it to work transparantly). I had looked
at adding OpenSSL support to the DotNET version of Indy but I found I
couldn't do this as I got in way over my head. The problem is that I would
have to use the P/Invoke interface as well as some type marshaling (.DLL's
are very particular about such things in DotNET, it can be tricky). Making
this worse is that in OpenSSL, you have .DLL callback routines and you have
to set a procedure to an address of a SSL method located in the .DLL. If
someone can do this in DotNET, we may be able to support FTP with SSL plus
support a number of other SSL protocols.
--
J. Peter Mugaas - Indy Pit Crew
Internet Direct (Indy) Website - http://www.nevrona.com/Indy
Personal Home Page - http://www.wvnet.edu/~oma00215
If I want to do business with you, I will contact you. Otherwise, do not
contact me.

 

[Gus M. Creces]

Peter...
I've got FTP over SSL under control.
It's the SSH2 thingy I'm after.
Haven't followed up on your links yet but they look like a good start from a
cursory look-over.
Much obliged for the very detailed response and for clearing up the
definition of "SFTP".

Cheers...

--
Gus M. Creces
The Clarion Handy Tools Page
http://www.cwhandy.ca
http://news.cwhandy.ca
(e-mail address removed)