Add SSH2 extension to PHP default extensions to improve security
Hi,
Please consider adding the SSH2 extension to PHP's default available extensions.
To be able to use FTP over SSH (SFTP) the SSH2 extension must be installed on PHP.
IN SHORT: SFTP (SSH2 EXTENSION) = SECURITY
SFTP means secure file transfer via Secure Shell (or SSH), hence the name SSH File Transfer Protocol (SFTP). The two devices (server and client) communicate via a single channel, that of SSH, in which the remote file management commands are sent and where the file transfer takes place. By default, the only port required for SFTP is 22, the same as SSH.
SFTP implements the same specifications at the cryptographic level supported by SSH, also TLS 1.3.
WHAT ARE FTP AND SFTP:
FTP is the traditional file transfer protocol. It’s a basic way of using the Internet to share files. SFTP (or Secure File Transfer Protocol) is an alternative to FTP that also allows you to transfer files, but adds a layer of security to the process. SFTP uses SSH (or secure shell) encryption to protect data as it’s being transferred. This means data is not exposed to outside entities on the Internet when it is sent to another party.
Businesses often choose SFTP solutions due to enhanced security. However, many others still rely on FTP to facilitate data transfers. To better understand which file sharing option can meet your company’s needs, let’s look at the differences between SFTP vs. FTP. Understanding how these file transfer options differ will help you choose which option is best to transfer your data. There are three key areas in which SFTP vs. FTP differ: encryption, firewalls, and potential vulnerabilities.
ENCRYPTION:
Transferring data is a vital, day-to-day task for many businesses. While some data transfers may not require protection, other files may house sensitive information – information that is too sensitive to fall into the wrong hands. This is why encrypting your data is essential. Encryption scrambles data, making it decipherable only by the sender and the recipient, ensuring that even if a file is intercepted, it won’t be intelligible to any unintended parties.
So, how does encryption impact your choice between SFTP vs. FTP? The traditional file transfer protocol (FTP) is a simple way of transferring data, but it offers nothing in terms of data protection. Files are transferred without encryption, making data readable for anyone who intercepts it. While this is fine if you’re just sending unimportant files, this could lead to major data compromises if you’re sending crucial data.
SFTP, in contrast, offers a secure shell protecting files. Because files are encrypted, you don’t have to worry about data falling into the wrong hands. This is the ideal mode of transfer for any file that you want to protect. SFTP uses an encrypted type of fingerprint technology to first verify host keys before any data transfer has taken place.
In terms of compliance, encryption makes a huge difference. If your organization is subject to compliance standards (including, but not limited to, the ones listed below), you could face serious consequences if you fail to encrypt data:
- HIPAA
- ITAR
- PCI-DSS
- SOX
- GLBA
Encryption isn’t just a feature offered by SFTP that’s nice to have. It’s an essential step you should take to protect your data. If you fail to comply with these standards, your business could be subject to some serious fines.
FIREWALLS:
Another way in which FTP and SFTP differ is how channels are used. When you send files via FTP, this protocol needs to open multiple channels in order to complete the transfer. While the client and software negotiate these channels automatically, the client-side firewalls need to open multiple ports. Opening multiple channels can also open the client’s firewalls to vulnerability.
SFTP presents a more secure process for the client-side firewall. Only port 22 will need to be open to send and receive data. This simplifies firewall configurations and is a better choice in terms of file sharing security.
VULNERABILITIES:
In addition to encryption and firewalls, SFTP beats FTP in terms of potential vulnerabilities, too. Any vulnerability can potentially be exploited and turned into a data breach. When it comes to inherent vulnerabilities in the file transfer process, FTP has a number of prominent ones.
The first vulnerability is that FTP is prone to human error. Sending a file to the wrong recipient or sending the wrong file altogether can lead to some serious problems for your company. With a greater level of security provided by SFTP, you can minimize the potential for human error. You can also take steps to promote a culture of security awareness within your business to reduce the potential for human error.
Intercepting data is simple with FTP, too. All it takes is the right tools and a little bit of knowledge to take advantage of these vulnerabilities. Even the most amateur hackers can intercept an FTP transfer. Sensitive data is often worth too much to risk a breach.
Again, host keys can present vulnerabilities. Unlike SFTP which uses host keys to verify a recipient's identity before a transfer takes place, FTP does not. This is yet another way FTP transfers are less secure. All it takes is one accidental transfer to a wrong recipient for a file to be compromised.
When it comes to secure data transfers, SFTP is your best option. You can feel confident that encryption measures are up to compliance standards, and you’re avoiding the inherent vulnerabilities of FTP transfers.
Thanks to ftptoday(dot)com for these documents:
- What are FTP and SFTP;
- Encryption;
- Firewalls;
- Vulnerabilities.
Thanks in advance for the support.
Since Plesk Obsidian 18.0.49 that was published December 20th, 2022, the Plesk PHP configuration page in "Tools & Settings" has a new option where you can easily install PHP PECL packages. The SSH2 extension is a PECL package as described in https://pecl.php.net/package/ssh2. It can be installed right out of the Plesk user surface using the new PECL installer.
-- PD
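The host key check described in the request, done with the ssh2 extension once it is installed, shown as an added example that is not part of the original thread. The host, user, key paths and pinned fingerprint are constructed placeholders, and `sftp_upload` is a hypothetical helper name.

```php
<?php
// Added example: SFTP upload with the PECL ssh2 extension that refuses to
// authenticate unless the server's host key matches a pinned fingerprint.
// All constants below are constructed placeholders.
const SFTP_HOST = 'sftp.example.com';
const SFTP_PORT = 22;
const SFTP_USER = 'deploy';
const SFTP_PUBKEY = '/home/deploy/.ssh/id_rsa.pub';
const SFTP_PRIVKEY = '/home/deploy/.ssh/id_rsa';
// SHA-1 host key fingerprint in hex, obtained out of band (placeholder value).
const PINNED_FINGERPRINT = '0000000000000000000000000000000000000000';

function sftp_upload(string $localPath, string $remotePath): void
{
    if (!extension_loaded('ssh2')) {
        throw new RuntimeException('PECL ssh2 extension is not loaded');
    }
    $session = ssh2_connect(SFTP_HOST, SFTP_PORT);
    if ($session === false) {
        throw new RuntimeException('SSH connection failed');
    }
    // Verify the host key before any credential is sent to the server.
    $seen = ssh2_fingerprint($session, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
    if (!hash_equals(strtoupper(PINNED_FINGERPRINT), strtoupper($seen))) {
        throw new RuntimeException('Host key mismatch, aborting before authentication');
    }
    // Key-based authentication instead of a password.
    if (!ssh2_auth_pubkey_file($session, SFTP_USER, SFTP_PUBKEY, SFTP_PRIVKEY)) {
        throw new RuntimeException('Public key authentication failed');
    }
    $sftp = ssh2_sftp($session);
    if ($sftp === false) {
        throw new RuntimeException('Could not start the SFTP subsystem');
    }
    // The ssh2.sftp:// stream wrapper needs the resource id as an integer.
    $in = fopen($localPath, 'rb');
    $out = fopen('ssh2.sftp://' . intval($sftp) . $remotePath, 'wb');
    if ($in === false || $out === false) {
        throw new RuntimeException('Could not open local or remote file');
    }
    if (stream_copy_to_stream($in, $out) === false) {
        throw new RuntimeException('Transfer failed');
    }
    fclose($in);
    fclose($out);
}

// Usage (placeholder paths): sftp_upload('/tmp/report.csv', '/upload/report.csv');
```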
-
Rainbow-Web.com commented
Hello,
thank you for the option of the PHP PECL packages. Unfortunately the SSH2 extension is not found in the PECL installer.
Plesk version 18.0.49 update #2
Regards
-
Florian Leroy commented
Add the option to install and activate the ssh2 (ssh2_connect) PHP library from the Plesk Panel to connect to an SSH server.