sftp disabled by default

[wojciech-kopras]

Describe the bug Protocol sftp is disabled by default. This enforces using scp. Described in README:

This role by default deactivates SFTP.

Expected behavior Today I have read release notes of OpenSSH 8.0 when they say:

The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.

So maybe it would be better to use sftp, rather than scp..

[artem-sidorenko]

@wojciech-kopras thanks for raising this issue! We definitively should have a look here.

@chris-rock @atomic111 @mcgege @rndmh3ro Somehow I don't really like the idea to have sftp enabled per default, scp is not recommended by openssh, rsync isn't always installed per default (e.g. some minimal images). Any ideas how we can handle that long-term? To keep sftp disabled as users of dev-sec can always switch the according implementation to enable it?

[rndmh3ro]

Any ideas how we can handle that long-term? To keep sftp disabled as users of dev-sec can always switch the according implementation to enable it?

I'm really not sure. Having a default (and enabled) way to securely transfer files is a must-have in terms of usabilty in my opinion. On the other hand disabling unused things is more secure.

Since sftp uses ssh to transfer files, sftp is as secure (ignoring potential bugs in the sftp-code) as ssh itself. So I see no real downside in enabling sftp by default.

[chris-rock]

That is an interesting use case. We should look for standard recommendations from CIS/NIST/BSI. As we always want to make sure that users can tweak their implementation, sftp should be enable-able if required. I could not find a recommendation for disabling scp yet. I think we all agree that plain ftp is never a good idea.

@atomic111 What is your opinion?