Re: sftp module cant connect to new hosts



Tue, Mar 16, 2004 at 11:58:56AM +0100, Mattias Eriksson wrote:
>
>Why then use sftp? It has a lot of overhead, which gives it poor performance
>compared to http and ftp?
>If you don't care about security you should use ftp or http!

	Transferring files over ssh or sftp is popular because it usually
works out-of-the-box for most Linux installations. Setting up an http+auth
account to share personal files is not an easy operation for normal
users.

>I don't think everything needs to be secure, but there is no reason to
>remove security from sftp when ordinary ftp exists for insecure use.

	I've been using ssh since the beginning, and when I've got the

The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 07:a2:e4:78:af:c6:be:e7:34:4a:68:79:3e:dd:78:80.
Are you sure you want to continue connecting (yes/no)?
	message I've never typed "no", nor have I called the
administrator to ask whether the RSA fingerprint is valid. So assuming
that most distros ship with "StrictHostKeyChecking ask", the current
behaviour of the gnome-vfs sftp module doesn't allow any user not using the
command line to connect to any host, and the most dangerous part, without
any error message to tell him why he cannot connect, so he won't use
this method again (and probably he won't notice that it is fixed in 2.8).

	So I'm proposing that for 2.6 we automatically accept any new key without
a message (this is not a security risk), and refuse a changed key with a
generic error. For 2.8 we can discuss the dialogs.

Regards



-- 
Fernando Herrera de las Heras
Onírica: analysis, design and implementation of IT solutions
http://www.onirica.com
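
The policy proposed in the message above (record a key seen for the first time, refuse a key that differs from the recorded one) can be sketched as follows. This is an added example, not part of the original message and not gnome-vfs code; the host names, key blobs and function names are constructed for illustration, and only plain (unhashed) known_hosts lines are handled.

```python
import base64
import hashlib

# Constructed sample data: these are not real SSH keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
SAMPLE = "# constructed known_hosts\nfiles.example.org,192.0.2.10 ssh-rsa " + KEY_A + "\n"

def md5_fingerprint(key_b64):
    """Colon-separated MD5 fingerprint, the format shown in the ssh prompt."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_known_hosts(text):
    """Map (host, keytype) -> base64 key for plain known_hosts lines."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@|":
            continue  # skip comments, @markers and hashed host entries
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        hosts, keytype, key = fields[:3]
        for host in hosts.split(","):
            known[(host, keytype)] = key
    return known

def check_host_key(known, host, keytype, key_b64):
    """Return (decision, message); a first-seen key is stored in `known`."""
    stored = known.get((host, keytype))
    offered_fp = md5_fingerprint(key_b64)
    if stored is None:
        known[(host, keytype)] = key_b64  # first contact: remember the key
        return "accept-new", "recorded %s key %s for %s" % (keytype, offered_fp, host)
    if base64.b64decode(stored) == base64.b64decode(key_b64):
        return "match", "host key for %s matches the stored key" % host
    # Changed key: refuse, and say why so the failure is not silent.
    return "refuse-changed", "host key for %s changed: stored %s, offered %s" % (
        host, md5_fingerprint(stored), offered_fp)

if __name__ == "__main__":
    known = parse_known_hosts(SAMPLE)
    for host, key in [("files.example.org", KEY_A), ("new.example.org", KEY_B),
                      ("files.example.org", KEY_B)]:
        print(check_host_key(known, host, "ssh-rsa", key))
```

OpenSSH 7.6 and later expose the same behaviour as `StrictHostKeyChecking accept-new`.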


