Re: why would using "sftp" require disabling "vsftpd"?

On Thu, Feb 06, 2014 at 05:38:35PM -0500, Robert P. J. Day wrote:
> "For SSH to be truly effective, using insecure connection protocols
> should be prohibited. Otherwise, a user's password may be protected
> using SSH for one session, only to be captured later while logging in
> using Telnet. Some services to disable include telnet, rsh, rlogin,
> and vsftpd."
> 
>   never having used sftp before, i'm confused ... isn't sftp simply a
> secure ftp client? and if so, why would one want to disable vsftpd? i
> would still need an ftp server, would i not? can someone clarify what
> that passage is saying? thanks.

sftp is actually a completely different protocol -- it does file transfer
over an ssh channel established on the ssh port. This encrypts any passwords
in transit, or can be used with ssh keys so passwords are not ever used.

By contrast, despite having the substring sftp in its name, vsftpd is a
standard FTP server and by default transmits any passwords in plain text.
Although to add some complication, vsftpd supports SSL, which is a
relatively recent extension to the FTP protocol and may not work with all
traditional ftp clients.

If you are using passwords with sftp or with vsftpd over ssl, your security
exposure will be roughly the same. Or, if you are using vsftpd simply to
provide anonymous FTP and no one is logging in with passwords, the two can
simply coexist in different roles. The documentation means to warn you that
with vsftpd in its non-SSL configuration (which is the default, I'm pretty sure),
any passwords or other sensitive information transferred will go in plain
text on the wire (or through the air with wireless, of course).



-- 
Matthew Miller    --   Fedora Project    --    <mattdm@xxxxxxxxxxxxxxxxx>
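
As an added example (not part of the original post): a small Python check that reads a vsftpd.conf and reports which of the cases distinguished in the reply above it falls into. The option names and defaults are those documented in vsftpd.conf(5); the function names and the sample configurations are constructed for illustration.

```python
# Added example: classify a vsftpd.conf by whether login passwords can
# cross the wire in clear text. Defaults are those in vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES",
    "local_enable": "NO",
    "ssl_enable": "NO",
    "force_local_logins_ssl": "YES",
}


def parse_vsftpd_conf(text):
    """Return effective settings: documented defaults overridden by the file."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        # '#' starts a comment line; settings are written as option=value.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def enabled(settings, key):
    """True when a boolean option is switched on."""
    return settings[key].upper() in ("YES", "TRUE", "1")


def password_exposure(text):
    """Map a configuration onto the cases described in the reply."""
    s = parse_vsftpd_conf(text)
    if not enabled(s, "local_enable"):
        # No account passwords are accepted; anonymous FTP can coexist with sftp.
        return "anonymous-only" if enabled(s, "anonymous_enable") else "no-logins"
    if not enabled(s, "ssl_enable"):
        return "plaintext-passwords"
    if not enabled(s, "force_local_logins_ssl"):
        # TLS is offered, but a client that skips it still sends the password in clear.
        return "plaintext-allowed"
    return "tls-required"


if __name__ == "__main__":
    # Constructed sample configurations, not taken from any real host.
    for sample in ("", "local_enable=YES\n", "local_enable=YES\nssl_enable=YES\n"):
        print(repr(sample), "->", password_exposure(sample))
```

Only the `plaintext-passwords` and `plaintext-allowed` results correspond to the situation the quoted documentation warns about.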