FTP+ssl is just as bad. One of the problems is the way the client talks with the server, and not just the authentication.
No it is not bad, I work for a large ISP and ftp is great for most people they can easily get something that can do ftp, secondly its extremely simple to use, you can drag and drop, even in an Microcrap environment, which is what most average users use out there. Imagine trying to educate someone about ssh et al, ftp is simple, ftp + ssl is even better, one can give people the ability to use the same simple system system without having them hit another learning curve and provide security for them in the process.
I haven't seem many sftp/scp proggies out there, WinSCP being the exception that does really well. FTP has been around for a while and can do the job for trivial things. Usually tech savvy people are the ones employing ssh technologies. :)
sftp is much better in terms of auth, but much slower than simple HTTP for data transfer.
In what way ? I mean you can hook ftp servers into various auth backends, for instance PureFTPD will do LDAP which is great for many places if they don't want this then the regular /etc/passwd system is available. On most systems - most do have PAM nowadays - ssh/sftp/scp would use the same auth system as would ftp. If you don't then maybe there is something unique to your environment or maybe there would be need for one to rethink their authentication system.
I usually use wget to get my files for example iso's and they have really good speeds. I have moved around files to different cities and back using scp/sftp and I haven't had a performance hit actually.
Cheers,
Aly.
-- Aly Dharshi aly.dharshi@xxxxxxxxx
"A good speech is like a good dress that's short enough to be interesting and long enough to cover the subject"
