
Re: security of deb pkg's proftp and sftp



William Jensen wrote:
> 
> Can anyone shed any light upon the likely security risks I would run using
> proftpd vs sftp?  From what I can tell sftp is for users only and it sets
> up an encrypted connection before any passwords/users names are sent.  That's
> great, but how secure is this against hackers?  Any different than proftpd?

i wouldn't use proftpd, period. it has a history of security problems,
and (according to some bugtraq posters) is not designed with security in
mind (despite what their webpage says). most/all of the "known" holes are
covered, but that doesn't mean it's secure. if i were to use an ftp
server i would use 'ftpd' which is a port from openbsd. very simple,
small, secure server. not much on features but it works. i wouldn't use
anything else in an untrusted environment. as far as secure transfers go
i use scp which uses ssh connections/authentication. if you want to keep
'hackers' out, i suggest using it and disabling password authentication
in SSH and force RSA passphrase authentication. of course this requires
you have knowledgeable users (or you tell them how to create passphrases
and stuff)

nate

-- 
:::
ICQ: 75132336
http://www.aphroland.org/
http://www.linuxpowered.net/
aphro@aphroland.org
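
The reply's advice to disable password authentication in SSH and rely on keys can be checked against a server's configuration. The following is an added example, not part of the original message: it audits sshd_config text, assuming upstream OpenSSH defaults and first-value-wins parsing; the function names and the sample config are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults that apply when a keyword is absent (assumption).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated keyword that maps onto the current one.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Values that leave key-based login as the only way in.
WANTED = {"passwordauthentication": "no",
          "kbdinteractiveauthentication": "no",
          "pubkeyauthentication": "yes"}

SAMPLE = """\
# constructed sample config, not from the original post
Port 22
PasswordAuthentication no
PasswordAuthentication yes   # ignored: sshd keeps the first value
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

def effective_settings(config_text):
    """Return (global settings, per-Match overrides) for the audited keywords."""
    glob, overrides, scope = {}, [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = value                            # later lines are conditional
        elif key in DEFAULTS:
            if scope is None:
                glob.setdefault(key, value.lower())  # first value wins
            else:
                overrides.append((scope, key, value.lower()))
    return {**DEFAULTS, **glob}, overrides

def audit(config_text):
    """List settings that still allow password-style logins."""
    settings, overrides = effective_settings(config_text)
    findings = [f"{k} is '{settings[k]}', want '{v}'"
                for k, v in WANTED.items() if settings[k] != v]
    findings += [f"Match {s}: {k} set to '{val}'"
                 for s, k, val in overrides if val != WANTED[k]]
    return findings
```

Calling `audit(SAMPLE)` reports the keyboard-interactive setting and the `Match User backup` override, both of which would still let a password through even though the global `PasswordAuthentication` is `no`.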


