TechNote (Archived)

SSH and SSL encryption for FTP connections

This TechNote introduces some of the concepts associated with secure FTP authentication and secure connections. Secure authentication usually involves using an encryption method, such as the Secure Shell protocol (SSH). Although there are currently many kinds of protocols and encryption methods in use, this TechNote focuses on two of the most frequently-requested protocols.

Important: This TechNote will not be beneficial for Dreamweaver MX 2004 customers, as Dreamweaver MX 2004 now includes Secure FTP (SFTP) capabilities, supporting the OpenSSH 3.5p1 protocol to transfer usernames and passwords securely across the network. In addition, SFTP in Dreamweaver MX 2004 encrypts file content during transfers. Unlike Dreamweaver MX's implementation of FTP over SSH, Dreamweaver MX 2004's implementation of SFTP requires no special configuration beyond checking the SFTP option in the site definition dialog box.

Lack of security in FTP transfer

The Internet is not a secure environment. Telnet, FTP and e-mail all send your username and password in clear, unencrypted text. When you transfer a file to a remote machine, the information is not sent directly to that machine;it is routed through several machines to get there. Anyone along the route can access what you are sending, including your username and password. If this information falls into the wrong hands, your account and the remote system you have access to may no longer be secure.

Enhancing Macromedia Dreamweaver's FTP client

The Dreamweaver FTP client transfers files using the FTP protocol. Although Dreamweaver MX and earlier do not provide options for secure encryption, third-party software can be used to provide additional security.

Note: If you are unsure about which encryption protocol you should use, contact your Server Administrator or your Internet Service Provider for additional information. Macromedia cannot offer support on the use of third-party products; if you need additional information about your third-party product (beyond what is provided in this TechNote), consult the product's manufacturer, the manufacturer's web site, or the software documentation.

Below you'll find a description of two protocols that offer additional security beyond FTP:

Secure Socket Layer (SSL)
The SSL protocol was developed by Netscape to allow the secure transfer of files. If your connection to the remote server requires that you use this protocol, you will not be able to use Dreamweaver's FTP client. You can still use Dreamweaver to create local sites, but will have to transfer those sites to the remote server using a separate client. Two examples of third-party clients using the SSL protocol are:
- Windows: WS_FTP 7.0
- Macintosh: Glub Tech - Secure FTP
Secure SHell protocol (SSH)
SSH is a protocol that will allow you to log into other computers across a network and move files or execute commands. Using an SSH client, it is possible to create a secure tunnel that protects Dreamweaver's FTP authentication, making it secure. The following TechNotes outline steps on configuring Dreamweaver for two such SSH protocol clients:
- Windows: Creating an SSH tunnel for secure authentication (Windows) (TechNote tn_16126).
- Macintosh: Creating an SSH tunnel for secure authentication (Macintosh) (TechNote tn_16143).
Note: When choosing a client, make sure to choose a program that allows port forwarding. Port forwarding must be activated and configured within the chosen client. This feature is crucial to creating SSH tunnels. Please consult the documentation for the SSH client for instructions. Both Putty for Windows and MacSSH for the Macintosh-enable port forwarding.

Additional Information

For more information about setting up the Dreamweaver FTP client, see Setting up Dreamweaver's FTP connection (TechNote tn_14787).

To learn more about secure authentication and SSH, consult:

"What is SSH?" published by the Ohio State Department of Mathematics.
"MacSSH" published by Ohio State Department of Mathematics.
The PuTTY FAQ.
SSH: The Secure Shell: The Definitive Guide, by Daniel J. Barrett, Ph. D. and Richard E. Silverman, O'Reilly, 2001.
The SSH Communications Security Web site. SSH Communications Security is the company that created the SSH Secure Shell technology which provides password and authentication protection for remote logins.

Third party links
Although links to external websites are provided as a resource, the websites are not part of Macromedia. Please see the Macromedia policy regarding links to third party websites in the Legal Notices and Information section. Pages to external websites will open in a new browser window.