Skip navigation
This discussion is archived

AFP Encryption?

3435 Views 4 Replies Latest reply: Jun 27, 2008 1:49 AM by Graham Perrin RSS
mten44 Level 1 Level 1 (5 points)
Currently Being Moderated
Jun 16, 2008 9:10 AM
I'm looking to share some files with a friend over the internet using AFP, however I only know enough about AFP and SSH to confuse myself thoroughly.

My understanding is that only the username/password authentication of an AFP session are encrypted? Is this true?

If that is true, essentially wouldn't the files I am transferring be open to the same risks associated with emailing a file as an attachment?

If my assumption is not true, is the only way to make a secure connection via SSH? And if so... how the heck do you do it?!?!?

Thanks,
MLT
MacBook Pro, Mac OS X (10.5.3)
  • orangekay Level 5 Level 5 (4,085 points)
    Currently Being Moderated
    Jun 16, 2008 9:17 AM (in response to mten44)
    Email is less secure because the complete message is bounced around from server to server. Anyone with access to any of those servers can read the entire thing without much effort. To reconstruct a file from an AFP transmission they'd have to capture every packet and care enough about spying on you to spend the time piecing it together.

    Your password on the other hand could be sniffed out if sent as clear text, but I don't believe AFP does that by default in Leopard.
    Several, Mac OS X (10.5.2)
  • V.K. Level 9 Level 9 (56,120 points)
    Currently Being Moderated
    Jun 16, 2008 9:21 AM (in response to mten44)
    I'm frankly not sure what exactly gets encrypted when you connect via AFP. To make an ssh tunnel you use ssh with -L switch.

    First you open an ssh tunnel:


    ssh –L 7777:localhost:548 johndoe@remotoe.address

    this will make a tunnel from port 7777 on your computer (that number can be changed at will) to the port 548 on the remote computer (that's what AFP uses).

    Then when you use connect to server command in finder you enter

    afp://localhost:7777
    Mac Pro 3.2 GHz, Mac OS X (10.5.3), Mac Pro 2.66GHz, powerbook G4 1.5GHz
  • Graham Perrin Level 2 Level 2 (240 points)
    Currently Being Moderated
    Jun 27, 2008 1:49 AM (in response to V.K.)
    http://developer.apple.com/documentation/Security/Conceptual/SecurityOverview/Concepts/chapter_3_section_4.html#//appleref/doc/uid/TP30000976-CH203-CHDCCDIA

    data encrypted with the session key is secure while in transit


    Diffie-Hellman key exchange is supported by Apple Filing Protocol (AFP) version 3.1 and later and by Apple’s Secure Transport API.


    etc..
    Xserve, Other OS, Mac OS X Server 10.5.3

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.