hsftp is an ftp emulator that provides the look-and-feel of an ftp session, but uses ssh to transport commands and data.
hsftp is written in C, and is known to compile with gcc under Linux and some Unix flavours. No additional libraries are required. No dedicated daemon (in addition to the sshd daemon) is required to run on the server side.
If you need a password, hsftp will ask for it. The password is encrypted by ssh before transmission. hsftp will store the password internally, so you do not need to type it in again during a session.
hsftp executes UNIX commands on the remote host, and thus will fail on non-Unix remote hosts.
If hsftp is not set SUID root, and you have supplied a
password/passphrase, it might get paged out to
your swap partition during prolonged inactivity.
For security, hsftp can be compiled to drop SUID root privileges irrevocably on startup, immediately after locking the memory for the password.
For RSA authentication, you can avoid to have hsftp caching the passphrase if you use ssh-agent. In this case, you can use hsftp securely without setting it SUID root.
hsftp has been developed on Linux. It is known to compile on a variety of other UNIX flavours (at least FreeBSD, Solaris, AIX, and HP-UX), but may not work on all. Fixes for portability are welcome for inclusion.
Copyright © 2000 Rainer Wichmann.
hsftp ("the software") is distributed under the terms of the GNU General Public Licence ("GPL").
Versions <= 1.13 have security problems; please upgrade.
hsftp-1.15-1.i386.rpm (14 kB, OpenSSH)
To set SUID root permissions for the executable use the command (as root):
# chmod 4755 /usr/bin/hsftp
By setting the executable SUID root, you can avoid that the passprase might get paged out to the swap partition during periods of inactivity. It is strongly recommended to use the configure option --with-drop-root when you plan to set the executable SUID root, in order to have the program drop root privileges as soon as possible.