Thanks for your response. I need to ask a few questions to clarify for me.
I use Putty to access SSH and FileZilla for FTP/SFTP.
Zope (therefore Plone?) does not support SFTP, correct? This is what you mean by protocol support for Plone, correct?
what does it mean that buildout supports SFTP.
In the documentation, I found this: "Then you can use sftp URLs for find-links or index URLs."
the buidout plugin you mention is a plugin for buildout which is the tool configure and install plone and its plugins. It adds no features to zope or plone itself.
Plones support for FTP and webdav comes directly from Zope. Zopes implementation of ftp is old and built at a very low lever into Zope. It doesn't support sftp and probably isn't likely in the near future but there is no harm in submitting a feature request to the zope community to support it.
I'm not sure if there is another way of support sftp to upload cotnent into plone. Perhaps if there is s standalone sftp to fto/webdav server?
Some dozen years ago, when he was at Zope Corp., Fred Drake once wrote an "SFTPGateway" that was a proxy from SFTP to passive FTP, intending to target ZServer. It was never released to my knowledge (just in long-since-dead public CVS), and even if resurrected would likely require significant update to work with current Twisted and pyCrypto... at which point, even if you could obtain this, I suspect it would be easier to re-write something like from the ground-up this based on Paramiko to support current protocols (12 years is a long time for bit rot).
Anyway, you have some alternatives to consider:
(1) Use stunnel across public networks. Or a VPN.
(2) Use DAV, really. At the point where you are using FTP to ZServer, you might as well. Let the encrypted channel be a commodity HTTP proxy problem for Apache or nginx.
(3) Do what Steve suggests, and just SFTP file uploads to file system. If you don't want to use Reflecto to wrap/serve them, then write a cron job or a small file-watcher (e.g. use watchdog or iNofify, etc) to sync them into your ZServer based on hard-coded criteria for destination folder.
(4) Write software to make something similar to SFTPGateway/proxy solution, likely not the practical choice.
I should also point out: SSH, even to OpenSSH, is super-slow channel for uploading on high-speed networks, maybe 2.5 times slower than CIFS or HTTP.
IMHO, while imperfect, WebDAV is the path of least resistance.
Thanks all for your explanation. Now I understand the different moving parts.
I use SFTP over FileZilla when communicating with my server, so I know that is safe.
FTP is via low level Zope stuff and unlikely to change.
SteveM, you had some good ideas. I think the approach I'll take is either accept insecure FTP, or in the past I've used WebDAV and/or https (put) to upload files. I'll have to go back and refresh my memory and see if either will work for what I want.
I'm quibbling, really just to quibble, with this. Not for any good reason
ftp is obnoxiously resistant to tunneling due to the odd dual-channel mechanism (control and data). All it's really possible to protect via tunneling is the control channel. That protects your passwords, but the data will transfer in the clear. Since it's passing in the clear, it's not slowed by SSH. O'Reilly's SSH book is a great resource, and the FTP chapter is online: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_02.htm
While I am no protocol expert, what I'm referring to with SFTP upload speeds is OOTB flow-control slowness in OpenSSH:
I noticed on my home 802.11 network that uploading multi-GB ISO files over SFTP was 2-3 times slower than using CIFS or AFS between two Macs (regardless of compression options), and have concluded this is largely an OpenSSH prototcol issue.
Yes and yes. It uses 5mb upload chunks into a tmp folder and reasembles them at the end. Soit either needs a shared tmp folder or sticky sessions.
It would be nice if the implementation had a mode that didn't require sticky sessions but I can't see how without zodb bloat. Maybe by used a shared tempory storage?
Be aware there are a couple of bugs with what was released in plone 5, mainly that some js was omitted. But its not hard to fix.