SFTP and Security

[drgrass]

Currently using SFFS 5.32b to backup data files from my desktop computer to an FTP account on a commercial webhosting company (think GoDaddy or Bluehosting).

I've set up a dedicated FTP user account on the server. My FTP user account points to a specific directory on the server for holding the files. I have configured SFFS to: i) run daily on the scheduler, ii) encrypt individual files with a good strong AES-256 password, and iii) Use Synthetic backups so large files will be uploaded efficiently with version control. Test runs appear to be working perfectly.

My concern remains security. I can specify the hosting site as SFTP://domainname, but the log file shows missing certificates. Does that mean the connection is reverting back to a regular FTP connection? How can I ensure my connection between SFFS and my hosting company is not passing the username and password in the clear? Are there other things I should be doing to harden the security? Sorry, I only know a little about SSH and SFTP, and I'm not understanding what needs to be configured on SFFS vs. the server. Thank you.

[superflexible]

If you chose the SSH (SFTP) protocol, then it is fine. It has nothing to do with FTP. SSH is always encrypted and there is no possibility to fall back to an unencrypted protocol.

The certificate thing in the logs is not an error. I think the latest version won't put this in the logs any more. It is just an information, and it means that you are not using a client certificate for login. Instead, you are using a username and password, and that is fine.