On Thu, Dec 07, 2006 at 12:06:04AM -0700, Nate Duehr wrote:
> If their network truly won't support PASV FTP, then something is
> seriously broken and they really need to get their network
> administration folks to look into it... if they are not without clue.

On the other hand, trying to use FTPS between two networks with stateful default-closed firewalls won't trivially work, since neither can inspect the control packets to know which ports to open for the data packets. PASV won't fix this one.

At which point the server admin is required to preopen a bunch of ports, give the FTPS server that list, and hope the list is long enough. ^_^

(Alternatively, the client can open a bunch of ports, put those into their FTP client, and use Active FTP. No one ever seems to choose that solution though.)

SFTP has the enormous advantage of being one connection from client to server on a known port, quite easy to firewall, and the enormous disadvantage of chewing lots of CPU and (in my experience) ending up being somewhat slower... Using blowfish as the symmetric cipher helps, and is probably secure enough for an sftp-only account.

--
-----------------------------------------------------------
Paul "TBBle" Hampson, B.Sc, LPI, MCSE
On-hiatus Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Pobox.Com

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
 -- Kristian Wilson, Nintendo, Inc, 1989

License: http://creativecommons.org/licenses/by/2.1/au/
-----------------------------------------------------------
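
An added illustration, not part of the original message: a small Python model of the control-channel inspection a stateful firewall performs for plain FTP, and why it learns nothing once the session switches to TLS, leaving only a pre-opened port range. The function names, sample sessions, addresses and the 50000-50009 range are constructed for this example.

```python
import re

# Patterns a firewall's FTP helper looks for on a plaintext control channel.
PASV_227 = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_229 = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")
PORT_CMD = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", re.I)


def data_port(line):
    """Return the TCP data port announced in one control-channel line, or None."""
    m = PASV_227.match(line) or PORT_CMD.match(line)
    if m:
        p1, p2 = int(m.group(5)), int(m.group(6))
        return p1 * 256 + p2          # RFC 959: port = p1*256 + p2
    m = EPSV_229.match(line)
    return int(m.group(1)) if m else None


def pinholes(control_lines, static_range=None):
    """Emulate a stateful firewall watching one control connection.

    Returns the set of data ports it would allow. Once AUTH TLS is accepted
    (reply 234) the rest of the channel is ciphertext to the firewall, so only
    a pre-opened static_range (inclusive lo, hi) can let data connections in.
    """
    allowed, encrypted = set(), False
    for line in control_lines:
        if encrypted:
            continue                   # helper cannot parse TLS records
        if line.startswith("234"):
            encrypted = True
            continue
        port = data_port(line)
        if port is not None:
            allowed.add(port)
    if static_range:
        allowed.update(range(static_range[0], static_range[1] + 1))
    return allowed


# Constructed sample sessions (addresses from the documentation range).
PLAIN = ["220 ready", "USER demo", "PASV",
         "227 Entering Passive Mode (192,0,2,10,195,80)"]
FTPS = ["220 ready", "AUTH TLS", "234 Proceed with negotiation",
        "227 Entering Passive Mode (192,0,2,10,195,80)"]  # unseen by firewall
```

The size of `static_range` bounds how many passive data connections can be open at once, which is the "hope the list is long enough" trade-off from the message.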