RE: why would using "sftp" require disabling "vsftpd"?


 



Robert,

I figured I would reply to this, as it seems the responses you have received so far have lacked clarity (or haven't included all of the relevant information).

There are two commonly used protocols that are functionally equivalent to FTP but use encrypted channels.  They are:

SFTP (SSH File Transfer Protocol) - http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol
FTPS (FTP Over SSL) - http://en.wikipedia.org/wiki/FTPS

On the server side:
The package vsftpd does not implement SFTP.  It implements FTP (non-encrypted) and FTPS.
OpenSSH (provided by openssh-server) implements the server-side of SFTP.  It does not implement FTPS.

On the client side:
curl (provided by curl) and lftp (provided by lftp) can both act as clients for FTPS.
sftp (provided by openssh-clients) and a wide variety of other file transfer programs act as clients for SFTP.

While both of these protocols provide roughly equivalent protection for ensuring that credentials are not passed in cleartext, SFTP has a couple of major security advantages: a) public key client authentication, so your password doesn't need to be used; b) it is _much_ more firewall friendly, as it doesn't establish separate dynamic data connections.

PK



-----Original message-----
From:	Robert P. J. Day <rpjday@xxxxxxxxxxxxxx>
Sent:	Thu 06-02-2014 15:38
Subject:	why would using "sftp" require disabling "vsftpd"?
To:	Fedora Users List <users@xxxxxxxxxxxxxxxxxxxxxxx>; 
> 
>   again, reading RHEL 7-beta docs and here:
> 
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/System_Administrators_Guide/s1-ssh-configuration.html
> 
> one reads:
> 
> "For SSH to be truly effective, using insecure connection protocols
> should be prohibited. Otherwise, a user's password may be protected
> using SSH for one session, only to be captured later while logging in
> using Telnet. Some services to disable include telnet, rsh, rlogin,
> and vsftpd."
> 
>   never having used sftp before, i'm confused ... isn't sftp simply a
> secure ftp client? and if so, why would one want to disable vsftpd? i
> would still need an ftp server, would i not? can someone clarify what
> that passage is saying? thanks.
> 
> rday
> 
> -- 
> 
> ========================================================================
> Robert P. J. Day                                 Ottawa, Ontario, CANADA
>                         http://crashcourse.ca
> 
> Twitter:                                       http://twitter.com/rpjday
> LinkedIn:                               http://ca.linkedin.com/in/rpjday
> ========================================================================
> -- 
> users mailing list
> users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
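
The server-side split described in the reply above (vsftpd serves plain FTP and FTPS, OpenSSH serves SFTP), as an added example that is not part of the original thread: a small audit that reports whether a vsftpd.conf still permits cleartext logins and whether an sshd_config enables the SFTP subsystem. Option names and defaults come from vsftpd.conf(5); the function names, the "last assignment wins" rule, the YES/NO spelling of values and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original thread). Option names and defaults
# are from vsftpd.conf(5); "last assignment wins" is an assumption here.

# Effective value of option $2 in file $1, falling back to default $3.
vsftpd_opt() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r' | tr 'a-z' 'A-Z')
    echo "${val:-$3}"
}

# Classify how local-user logins travel: cleartext, optional-tls or ftps-enforced.
classify_vsftpd() {
    if [ "$(vsftpd_opt "$1" ssl_enable NO)" != YES ]; then
        echo cleartext        # plain FTP only: passwords cross the wire readable
    elif [ "$(vsftpd_opt "$1" force_local_logins_ssl YES)" != YES ] ||
         [ "$(vsftpd_opt "$1" force_local_data_ssl YES)" != YES ]; then
        echo optional-tls     # FTPS offered, but a client may still skip it
    else
        echo ftps-enforced    # local logins and data must use TLS
    fi
}

# True when sshd_config $1 enables the SFTP subsystem (keywords are case-insensitive).
sshd_has_sftp() {
    grep -Eiq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]' "$1"
}

# Constructed sample configurations, written to a temporary directory.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'local_enable=YES' '# ssl_enable=YES' > "$tmp/plain.conf"
printf '%s\n' 'ssl_enable=YES' 'force_local_logins_ssl=NO' > "$tmp/optional.conf"
printf '%s\n' 'ssl_enable=NO' 'ssl_enable=YES' > "$tmp/enforced.conf"
printf '%s\n' 'Port 22' 'Subsystem sftp /usr/libexec/openssh/sftp-server' > "$tmp/sshd_config"

for f in plain optional enforced; do
    echo "$f.conf: $(classify_vsftpd "$tmp/$f.conf")"
done
sshd_has_sftp "$tmp/sshd_config" && echo "sshd_config: SFTP subsystem enabled"
```

Anonymous logins are left out of the classification because they carry no password; a result of cleartext or optional-tls is the case the quoted RHEL passage is warning about.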



