Re: chrooted SFTP and FTP with writable root?
Andrew McGlashan <firstname.lastname@example.org> wrote:
> Why allow ftp when sftp is available?
There are, sadly, always reasons why ftp may be required alongside
sftp. Where I work, we mandate sftp for file transfer and do not provide
None at all.
Except when a customer insists on using ftp and won't use sftp.
At this point we give them a gazillion reasons why ftp is bad and sftp is
good, and generally point them at (Windows-based) applications such as
WinSCP or Filezilla. And then we open up the firewall to permit inbound
ftp from their nominated IP address (range).
Needless to say, the server is pretty tightly locked down. Oh, and since
it's a bastion host it's still got no access to our internal systems.