[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: recommendations for FTP server

> Proftpd does support SSL/TLS.  It's a module that comes with it, it's
> just not enabled by default.  Some nice docs here:
> http://www.castaglia.org/proftpd/modules/mod_tls.html
> http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
 Actually... it's enabled by default, that's why it says 'no certificate
found' when you start it the first time.
 Neither sftp nor anything else is a 'drop-in' replacement for ftp.

 The only problem with TLS/SSL in ftp is that there are not that many
clients that support that - there are NONE in woody. You need to backport
lftp from sid or compile it yourself ( I've got my backport available from
http://eyck.forumakad.pl/woody ./ ) 
 There are few other options - tlswrap changes every passive-capable ftp
client into TLS-capable ftp client, there is this nice POSIX/Windoze
lundfxp client etc..

 The way I see it, sftp is way less secure way of providing access to files
then tls/ftp, you see, you need to create valid ssh-able accounts for all
your users, then it'll take you some time to secure those accounts just a
bit ( scp-only acount? - great, if you wanna play around and compile
special shell... there is no scp-shell in woody, there is one in sid.
Is it safe enough? Who knows ).
 With ftp users need no shell, need no nothing. I create unlimited number
of users and worry not....

-- 
Dariush Pietrzak,
I ain't the sharpest tool in a shed.
Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9
Reply to: