The FTP protocol has been around since the of the Internet. Together with the TELNET protocol it formed the basis of interaction on the net these days. Today, FTP is still in wide use as so many people are used to the protocol and there are so many clients and servers available and installed.
But FTP lacks a certain feature: security. The passwords used are transmitted unencrypted and therefore FTP should be avoided instead for public servers with anonymous access enabled. But there is help: the SFTP protocol is a FTP-like protocol run via SSH (Secure Shell) that can be considered “secure enough” these days. With Mac OS X, ssh use is becoming ubiquitous as the SSH server is not only preinstalled but can be switched on with a single click on the Sharig preference pane. With SSH enabled, you gain SFTP access immediately. The only thing you need is a proper SFTP client.
There are two excellent contenders in this area: Transmit and Fugu. Eventually, both programs received honors at WWDC this week. Fugu won the “Best Mac OS X Use of Open Source” award and Transmit scored second place for “Best Mac OS X User Experience”. I can basically agree.
Transmit is a really, really fast program. Use it for FTP transfer and it rocks. But what‘s best is there is seamless support for SFTP as well. It might be your first choice for general SFTP but it is non-free and it lacks an important feature: support for public key authentication and SSH agents. Fugu on the other hand is a dedicated SFTP/SCP/SSH client (so it has no FTP support at all) and has a comparably easy interface. And it‘s free. And, best of all, it does support public key authentication and SSH agents. What is an SSH agent, you ask?
A SSH agent is the “keychain” for ssh. It stores secret keys and allows repeated access to them for multiple ssh sessions. As SSH is a command line UNIX application, integration with the Mac OS X Keychain is not that easy. But there is another helpful tool called SSH Agent actually does this integration and makes working with SSH on Mac OS X a breeze.
When you install it, you can store your SSH passphrases in your keychain. Okay, you might consider this a security risk as the login password might be a bit easier to guess and opens up access to a multitude of accounts that are actually key based. But you are choosing your passwords carefully and change them regularly, don‘t you? So there is not a problem (except that nobody knows which encryption Apple chooses for the keychain, but I guess it‘s AES). But once you have installed SSH Agent you know what you have been missing.
The Mac is finally becoming a viable platform for UNIX system administration. And this is good.