Re: Secure replacement for FTP (other then SSH)
We have roughly 100 (untrusted) users transferring and downloading files "securely". We run proftpd (http://www.proftpd.org/) along with mod_tls (Transport Security Layer) to achieve something which is semi-secure. See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html for a short how-to.
On OS X there's Captain FTP which supports this well while on Windows I'm sure there are plenty of clients capable of utilizing this sort of thing.
I'm really happy to see people are starting to realize the limitations of FTP, so hopefully we'll start seeing more solutions designed with security in mind.
Good luck Franki.
Kindly,
Didde
On 16 jan 2005, at 15.29, Franki wrote:
Hi guys,
I've been looking to replace as many un-encrypted connections to my boxes as possible, I've replaced pop3 and imap with their ssl equiv.. and allow only SSH access.
The problem with SSH, is that it ends up giving people terminal access as part of the deal, and also that it doesn't give me the ability to lock people into their home directory as does FTP (with something like ProFTP server end.)
Basically the only answer I've found so far, is to setup each user chroot in their own home directories, but thats time consuming and makes server updates and upgrades more difficult..
Is there such a thing as SSL protected FTP and is it widely supported by FTP clients? can any of the current crop of FTP servers on offer do it out of the box with only config changes? Some FTP servers allow you lock users into specific directories, so if they supported encryption, I'd have my answer.
I'd appreciate any info on how you guys lock users into their own little space, as searching for info on the net for variants of secure FTP or encrypted FTP just return allot of results for SFTP and SSH...
kindest regards
Franki
Reply to: