We need to securely serve files to our clients. We want the transport to be encrypted, users should require user/password and they should be able to access their files through the web, ftp/sftp and curl.
The obvious idea is to use openssh and its sftp server. However, I don't see how to provide a web interface to the sftp server.
In other words, while most clients will use automated scripts to get their files, they may have an occasional need to get the files manually from a web page (which means they need to manually type in their user/password)
Any ideas?
edit: Sorry, forgot to mention that we intend to serve these files off a linux server
Best Answer
Having "sftp://" links will indeed require you have a sftp-capable client registered to handle the sftp UNC and will also require a re-login unless you provide the username/password in the unc... i.e. sftp://user:password@x.x.x.x/path/file. This really defeats the purpose of having a separate sftp server from the http server.
Why not simply establish a HTTPS session with whatever authentication method you choose to use, and let the http server dish out the files? If you're using apache, you can allow directory browsing, and it will auto-generate the directory listing from a specific directory... and you can make the sftp pull from the same directory. (if you wish to use both)
If you are stuck on using sftp... don't forget to restrict user logins using ssh to ONLY allow sftp and/or scp... or you will be leaving yourself open to a big security hole.