Discussion in 'Mac Basics and Help' started by doubledee, Feb 16, 2015.

  1. doubledee macrumors 6502


    May 14, 2012
    Does anyone have experience using CyberDuck as an SFTP client?

    It looks like a decent product, but their documentation is lacking, and there is no way to contact the creators?!

    Security is extremely important to me, and after finding out last night that FileZilla stores your passwords in plain-text, it is time to look for a new solution!! :eek:

    While CyberDuck looks promising, I have these questions/concerns...

    1.) How does CyberDuck store log-in credentials?

    2.) Is it possible to just use Keys for logging into my VPS, and thus bypass needing to give out my cPanel username and password?

    3.) Do you think CyberDuck is more secure than most FTP clients?

    4.) What do you think about the creator of FileZilla's views on security?

    I have read his views, and he sees NO ISSUE with storing passwords as plain-text "because it's up to your operating system to protect them!" :rolleyes:

    That seems really ignorant and negligent to me!

    I feel really stressed right now! *sigh* I have spent all of this time securing my VPS, and figured installing an FTP client was the easiest part. But after what I read about FileZilla, it made me very aware how one little thing could destroy all of my other security efforts.

    And like so many things with security, how do you really know what you are using is safe?? :(


  2. phrehdd, Feb 16, 2015
    Last edited by a moderator: Feb 16, 2015

    phrehdd macrumors 68040


    Oct 25, 2008
    I used Cyberduck in the past. Its a nice lil' app. I use Filezilla presently and much prefer it. I get around the password issue having set up Filezilla to NOT store my password.
  3. IHelpId10t5 macrumors 6502

    Nov 28, 2014
    Although a CyberDuck user for many years I finally abandoned it a few years ago. The reason was not any of those listed but that it is horribly slow at anything it does. In addition, it's a Java application, which I have personally banished from my Macs.

    I don't know the history of Filezilla's password storage but agree that if it's still really storing passwords in plain text then you have a right to be concerned. Any reasonable Mac application should at at a minimum use Keychain for the storage of credentials.

    When wanting to move away from CyberDuck a few yeas ago I researched and evaluated several free SFTP clients and came away disappointed with all of them. So, I them looked into a few of the most popular paid applications. For a tool that I rely on daily I was happy to pay for a polished application. I ended up choosing Panic Transmit (

    Transmit is a great application that is a native Mac application (no Java) and blows away CyberDuck at transfer speed. It's also got a very polished GUI and a full feature set. Per your questions, Transmit stores passwords securely in Apple's Keychain if you are using passwords. However, it also automatically will use any SSH pub/priv keys that you have already established through terminal. So, no passwords necessary.

    Obviously, it also must be mentioned that the best free SFTP client is always going to just be Terminal. Depending on your needs, it's hard to beat just using SCP or RSYNC from terminal. But, I understand that having a GUI is certainly nice for many situations.

    Have a look at Transmit if you are willing to buy a paid FTP client.
  4. doubledee thread starter macrumors 6502


    May 14, 2012
    I guess the Java thing could be considerd a security issue, too. (Or is that just for websites using Java through browsers?)

    After what I read, I think the creator of FileZilla is an idiot!

    Not sure how much I trust Keychain either...

    I checked out their website yesterday, but was disappointed with the fact that they have NO DOCUMENTATION on their website. (Um, I'm a techie, and I like to read specs and manuals more than look at pretty, yet shallow marketing sheets.)

    What about CyberDuck...

    It looks like if I set it up to use a public/private key pair then I don't ever have to give out my username and password (i.e. cPanel credentials). Is that correct?

    Also with CyberDuck there was something about a "pass-phrase" on the Keys. Any idea how that gets stored, and if you are safer with or without using it??

    Good point, but a little too complicated for me right now.


  5. NikMac macrumors member

    Feb 9, 2008
    CyberDuck is free to try - doing so for a few days will probably answer most of your questions. I also switched to CyberDuck after learning about Filezilla's security problems.

    Storage is optional, but if you choose to store credentials it is done via the Mac's native Keychain app.

    Could be wrong but I don't believe so. But if you are using Keychain and SFTP (not regular FTP) there shouldn't be a problem with using cPanel credentials.

    I have only ever used FileZilla and CyberDuck - CyberDuck meets all my security needs and is absolutely a better choice than FileZilla in my opinion. Regardless of location, storing passwords in plaintext is never ideal.

Share This Page

4 February 16, 2015