Re: chrooted SFTP and FTP with writable root?

To: debian-user@lists.debian.org
Subject: Re: chrooted SFTP and FTP with writable root?
From: Chris Davies <chris-usenet@roaima.co.uk>
Date: Wed, 05 Oct 2011 20:34:41 +0100
Message-id: <[🔎] h3oul8xtpe.ln2@news.roaima.co.uk>
Reply-to: chris@roaima.co.uk
References: <[🔎] AD284060-8887-4611-9091-D1158BC459AA@intrismail01.intris.be> <[🔎] 4E8C954D.3080504@affinityvision.com.au>

Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
> Why allow ftp when sftp is available?

There are, sadly, always reasons why ftp may be required alongside
sftp. Where I work, we mandate sftp for file transfer and do not provide
ftp service.

Ever.

None at all.

Period.

Except when a customer insists on using ftp and won't use sftp.

At this point we give them a gazillion reasons why ftp is bad and sftp is
good, and generally point them at (Windows-based) applications such as
WinSCP or Filezilla. And then we open up the firewall to permit inbound
ftp from their nominated IP address (range).

Needless to say, the server is pretty tightly locked down. Oh, and since
it's a bastion host it's still got no access to our internal systems.

Chris

Reply to:

References:
- chrooted SFTP and FTP with writable root?
  - From: <Steven.Post@intris.be>
- Re: chrooted SFTP and FTP with writable root?
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>

Prev by Date: Re: IP address depending on the MAC
Next by Date: Re: Re:mailer
Previous by thread: Re: chrooted SFTP and FTP with writable root?
Next by thread: distcc: gcc 4.6 on stable?
Index(es):
- Date
- Thread