Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

CyberDuck

doubledee

doubledee

macrumors 6502
Original poster
May 14, 2012
496
0
Arizona
Does anyone have experience using CyberDuck as an SFTP client?

It looks like a decent product, but their documentation is lacking, and there is no way to contact the creators?!

Security is extremely important to me, and after finding out last night that FileZilla stores your passwords in plain-text, it is time to look for a new solution!! :eek:

While CyberDuck looks promising, I have these questions/concerns...

1.) How does CyberDuck store log-in credentials?

2.) Is it possible to just use Keys for logging into my VPS, and thus bypass needing to give out my cPanel username and password?

3.) Do you think CyberDuck is more secure than most FTP clients?

4.) What do you think about the creator of FileZilla's views on security?

I have read his views, and he sees NO ISSUE with storing passwords as plain-text "because it's up to your operating system to protect them!" :rolleyes:

That seems really ignorant and negligent to me!


I feel really stressed right now! *sigh* I have spent all of this time securing my VPS, and figured installing an FTP client was the easiest part. But after what I read about FileZilla, it made me very aware how one little thing could destroy all of my other security efforts.

And like so many things with security, how do you really know what you are using is safe?? :(

Sincerely,


Debbie
 
doubledee said:
Does anyone have experience using CyberDuck as an SFTP client?
Click to expand...

I used Cyberduck in the past. Its a nice lil' app. I use Filezilla presently and much prefer it. I get around the password issue having set up Filezilla to NOT store my password.
 
Last edited by a moderator:
Although a CyberDuck user for many years I finally abandoned it a few years ago. The reason was not any of those listed but that it is horribly slow at anything it does. In addition, it's a Java application, which I have personally banished from my Macs.

I don't know the history of Filezilla's password storage but agree that if it's still really storing passwords in plain text then you have a right to be concerned. Any reasonable Mac application should at at a minimum use Keychain for the storage of credentials.

When wanting to move away from CyberDuck a few yeas ago I researched and evaluated several free SFTP clients and came away disappointed with all of them. So, I them looked into a few of the most popular paid applications. For a tool that I rely on daily I was happy to pay for a polished application. I ended up choosing Panic Transmit (http://www.panic.com/transmit/).

Transmit is a great application that is a native Mac application (no Java) and blows away CyberDuck at transfer speed. It's also got a very polished GUI and a full feature set. Per your questions, Transmit stores passwords securely in Apple's Keychain if you are using passwords. However, it also automatically will use any SSH pub/priv keys that you have already established through terminal. So, no passwords necessary.

Obviously, it also must be mentioned that the best free SFTP client is always going to just be Terminal. Depending on your needs, it's hard to beat just using SCP or RSYNC from terminal. But, I understand that having a GUI is certainly nice for many situations.

Have a look at Transmit if you are willing to buy a paid FTP client.
 
IHelpId10t5 said:
Although a CyberDuck user for many years I finally abandoned it a few years ago. The reason was not any of those listed but that it is horribly slow at anything it does. In addition, it's a Java application, which I have personally banished from my Macs.
Click to expand...

I guess the Java thing could be considerd a security issue, too. (Or is that just for websites using Java through browsers?)


IHelpId10t5 said:
I don't know the history of Filezilla's password storage but agree that if it's still really storing passwords in plain text then you have a right to be concerned.
Click to expand...

After what I read, I think the creator of FileZilla is an idiot!


IHelpId10t5 said:
Any reasonable Mac application should at at a minimum use Keychain for the storage of credentials.
Click to expand...

Not sure how much I trust Keychain either...



IHelpId10t5 said:
When wanting to move away from CyberDuck a few yeas ago I researched and evaluated several free SFTP clients and came away disappointed with all of them. So, I them looked into a few of the most popular paid applications. For a tool that I rely on daily I was happy to pay for a polished application. I ended up choosing Panic Transmit (http://www.panic.com/transmit/).

Transmit is a great application that is a native Mac application (no Java) and blows away CyberDuck at transfer speed. It's also got a very polished GUI and a full feature set.
Click to expand...

I checked out their website yesterday, but was disappointed with the fact that they have NO DOCUMENTATION on their website. (Um, I'm a techie, and I like to read specs and manuals more than look at pretty, yet shallow marketing sheets.)



IHelpId10t5 said:
Per your questions, Transmit stores passwords securely in Apple's Keychain if you are using passwords. However, it also automatically will use any SSH pub/priv keys that you have already established through terminal. So, no passwords necessary.
Click to expand...

What about CyberDuck...

It looks like if I set it up to use a public/private key pair then I don't ever have to give out my username and password (i.e. cPanel credentials). Is that correct?

Also with CyberDuck there was something about a "pass-phrase" on the Keys. Any idea how that gets stored, and if you are safer with or without using it??


IHelpId10t5 said:
Obviously, it also must be mentioned that the best free SFTP client is always going to just be Terminal. Depending on your needs, it's hard to beat just using SCP or RSYNC from terminal. But, I understand that having a GUI is certainly nice for many situations.
Click to expand...

Good point, but a little too complicated for me right now.

Thanks,


Debbie
 
CyberDuck is free to try - doing so for a few days will probably answer most of your questions. I also switched to CyberDuck after learning about Filezilla's security problems.

doubledee said:
1.) How does CyberDuck store log-in credentials?
Click to expand...

Storage is optional, but if you choose to store credentials it is done via the Mac's native Keychain app.

doubledee said:
2.) Is it possible to just use Keys for logging into my VPS, and thus bypass needing to give out my cPanel username and password?
Click to expand...

Could be wrong but I don't believe so. But if you are using Keychain and SFTP (not regular FTP) there shouldn't be a problem with using cPanel credentials.

doubledee said:
3.) Do you think CyberDuck is more secure than most FTP clients?
4.) What do you think about the creator of FileZilla's views on security?
Click to expand...

I have only ever used FileZilla and CyberDuck - CyberDuck meets all my security needs and is absolutely a better choice than FileZilla in my opinion. Regardless of location, storing passwords in plaintext is never ideal.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back