# WebDav or ssh?



## bsus (Jan 22, 2012)

Hi,

at this time I use ssh (sftp-3) to access files on my server over the internet.

Unfortunatly the migration of sftp-clients under windows (which are mostly default on public computers....) isn't really nice.

My question is now if webdav can keep up in security and if it is a recommand alternative.

Regards


----------



## Anonymous (Jan 22, 2012)

WebDAV provides by its own no security features. It is merely an extension to HTTP. As required by RFC 4918, WebDAV enabled Web-Servers MUST support the Digest authentication scheme. This prevents attackers from steeling login credentials, however, it does not provide for any transport layer security.

In order to achieve transport layer security, most WebDAV servers and clients can utilize HTTP + SSL, i.e. HTTPS - of course, this can be setup to give you almost the same level of security as ssh. You need to install good certificates.

Another option would be to hide a non-SSL WebDAV behind a VPN server, so one would establish a VPN first, and then login in to the WebDAV server. Anyway, VPN would also make ftp and smb secure.

Best regards

Rolf


----------



## phoenix (Jan 23, 2012)

A USB stick with Portable PuTTY solves the issue.  Been carrying a similar setup for several years now. Even works in the local libraries.


----------



## bsus (Jan 23, 2012)

Hi,



> WebDAV provides by its own no security features. It is merely an extension to HTTP. As required by RFC 4918, WebDAV enabled Web-Servers MUST support the Digest authentication scheme. This prevents attackers from steeling login credentials, however, it does not provide for any transport layer security.
> 
> In order to achieve transport layer security, most WebDAV servers and clients can utilize HTTP + SSL, i.e. HTTPS - of course, this can be setup to give you almost the same level of security as ssh. You need to install good certificates.
> 
> Another option would be to hide a non-SSL WebDAV behind a VPN server, so one would establish a VPN first, and then login in to the WebDAV server. Anyway, VPN would also make ftp and smb secure.



Thank you for the good overview. I will have a look at WebDAV over https and VPN.

How does it look for creating a VPN connection under windows.
Is this possible without 3rd party tools, is it safe on public computers and how long does the configuration usually takes?



> A USB stick with Portable PuTTY solves the issue.  Been carrying a similar setup for several years now. Even works in the local libraries.


This is my current solution but the intergration of WinSCP in Windows isn't quite as smooth as I would like to have it


----------



## Anonymous (Jan 23, 2012)

bsus said:
			
		

> How does it look for creating a VPN connection under windows.
> Is this possible without 3rd party tools, is it safe on public computers and how long does the configuration usually takes?



Sorry, I cannot talk for Windows, only for Mac OS X and iPhone. Although, the setup is quick and easy and works out of the box, I would not establish VPN connections to my server using foreign Macs because it would be quite easy forgetting to remove the settings afterwards.

Perhaps others can tell something about Windows.

Best regards

Rolf

PS: In the meantime, I played around with VPN on Windows 7 in VirtualBox on my Mac. Actually, setting-up a PPTP-VPN was done in a few steps by configuring a new connection from the Network properties, selecting VPN and entering user name and password. Win7 tries first to establish a SSTP connection, and after ca. 30 s fails-over to PPTP, this then connected to my FreeBSD box which got a PPTP server as described here and here.

For removing the VPN setup, the VPN network adapter can be deleted.

VirtualBox was in network bridge mode, since NAT mode does not pass GRE packets.

My L2TP/IPsec Server on FreeBSD 8.2 does not work together with my Windows 7 in the VirtualBox, though.


----------



## bsus (Jan 24, 2012)

Thank you for youre help 

I will test this it out for me in a few days.

Best regards,
bsus


----------



## mix_room (Jan 24, 2012)

phoenix said:
			
		

> A USB stick with Portable PuTTY solves the issue.  Been carrying a similar setup for several years now. Even works in the local libraries.



I would then also add FileZilla portable. It gives you a quite nice SFTP-client. I'm sure there are other clients as well.


----------

