OpenSSH, SFTP, and NT

[jabr at blu.org (John Abreau)]

I'm preparing to deploy openssh and sftp on all the Unix systems at work,
and I need to ensure that NT users can connect. The whole point of this is
so we can shut off ftp and telnet everywhere.

I was unable to find an open-source NT client for sftp. The closest I
could find for a decent NT client was putty.exe and pscp.exe, although
they only support the ssh1 protocol. While putty *might* be acceptable, I
doubt the NT users will go along with a command-line scp as their only
file transfer option.

On the commercial end, I checked out SecureCRT/SecureFX and F/Secure. They
both claimed to support sftp, but on closer examination I discovered that
they only work with the proprietary sftp2 that's bundled with F/Secure's
ssh2 server. To go with this, we're looking at $5,000 in client licenses
and $15,000 in server licenses, which I really don't want to recommend.

One other option I found was SafeTP, which sets up a secure proxy on the
NT machine and silently manages any outgoing ftp sessions over an
encrypted tunnel. The problem I have with this solution is that it
requires a normal ftp server running on the remote host, and just acts as
an encrypted front-end. I'd prefer not to have the normal ftp server
running at all.

As a last resort, I'm now instaling cygwin on an NT box so I can try to
build openssh and sftp as command-line tools. If I can at least get the
ftp-like interface working on NT, it may be enough. I believe most of our
NT users currently run ftp from a DOS window, anyway.

I'm curious how others handle this. Does everyone with NT users go with
the commercial ssh2 server? Do you just stick with plain FTP for file
transfers?

--
John Abreau / Executive Director, Boston Linux & Unix 
ICQ#28611923 / AIM abreauj / Email jabr at blu.org

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).