Starting with gnupg

Faramir faramir.cl at gmail.com
Mon Aug 4 20:36:12 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Bill Royds wrote:
> 
> On 4-Aug-08, at 05:54 , Faramir wrote:
> 
>>  Wait... it seems I have been very wrong about the subject... does it
>> mean I don't need to install certificates to enable sftp? I know this
>> is turning off-topic, so, can you please give some source of info to
>> learn how to make sftp work? I already searched in Wikipedia, and found
>> sftp can stand for "ftp over ssh" or "SSH file transfer protocol", and
>> that those are 2 different concepts...

> The confusion is between SSL (Secure Socket Layers), which provides the
> security in the https protocol and can provide security in FTP over SSL,

   Ok, that is the reason why I thought I needed to enable https (SSL)

> and SSH (Secure SHell), which provides the security for scp, sftp (ftp
> over SSH or SSH file transfer protocol).

   Ok, I think I am getting it...

> SSL depends on a hierarchical certificate trust system (X.509) where the
> certificates are certified by a "root" Certificate Authority (CA) such
> as Verisign or Deutsche Telekom or Staat der Nederlanden.
> This provides a lucrative business for selling trust.

   Yes, I know that part... it is SSH (and its uses with ftp) that I
don't know...

> SSH, on the other hand, is closer to the PGP/GPG web of trust. It uses
> keys generated by the SSH server and your client to verify each other
> after you have been authenticated to the server in another manner (most
> often passwords, but it can even be GPG or X.509). SSH allows tunnelling of
> other network protocols over the basic SSH connection. One of those
> tunnelled protocols is FTP and SSH has the ability to facilitate this.

  Excellent, the host I want to secure has a GPG section in its cPanel,
but I couldn't find a help source to know what it was for (I already
know what to do with GPG in my computer and in my Thunderbird).

> But all of these protocols encrypt the transmission, not the actual data
> files being transmitted. This is where gnupg comes in.

  Ok, the idea is to avoid sniffers trying to catch the login info (user
and pass), the files will be protected, if there is need of protection,
with gpg... I can use pass protected rar files, too... but my main
concern was to avoid someone else getting control over the host by
capturing the login details...

  If this is turning too much off topic, I don't mind receiving off-list
messages with advice about this subject (or any other subject, security
is really interesting, and I think it doesn't get the attention it
deserves).

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
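
Added example, not part of the original message: a minimal Python sketch of the trust-on-first-use host key check that an SSH/sftp client performs before any login details are sent, in contrast to the CA hierarchy used by SSL. The host name, the in-memory `known` store and the helper `make_key_line` are assumptions for illustration; the key lines are constructed samples, not real server keys.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data


def make_key_line(seed: bytes) -> str:
    """Build a constructed 'ssh-ed25519 <base64> <comment>' line (sample data only)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the OpenSSH display form: unpadded base64 of the key blob hash."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host(known: dict, host: str, offered_line: str) -> str:
    """Compare the key a server offers with the fingerprint pinned for that host.

    Returns 'new' (first contact, fingerprint is pinned), 'match', or
    'CHANGED' (possible interception: stop before sending a password).
    """
    fp = fingerprint(offered_line)
    pinned = known.get(host)
    if pinned is None:
        known[host] = fp  # trust on first use; ideally verified out of band
        return "new"
    return "match" if hmac.compare_digest(pinned, fp) else "CHANGED"


if __name__ == "__main__":
    known = {}  # stands in for the client's known-hosts store
    server_key = make_key_line(b"server")      # constructed sample
    other_key = make_key_line(b"impostor")     # constructed sample
    for offered in (server_key, server_key, other_key):
        print(check_host(known, "sftp.example.org", offered), fingerprint(offered))
```

No certificate authority is involved: the client only remembers the key it saw first, which is why the first connection's fingerprint is worth confirming with the host's operator.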