On 05/20/2014 06:55:39 AM, Nico Kadel-Garcia wrote:
> If you *must* do this sort of thing, I'd urge running it on a
> separate
> sshd, with a separate sshd_config, running on another port, just to
> keep it away from your SSH logins for other users and other uses. If
> you're not compelled for other reasons to use this, vsftpd with FTPS
> is a *lot* easier to set up.
Firewalling excepted. Properly firewalling ftp is, grody.
And, if you're serious (default-deny), requires a ftp proxy
and passive-only ftp. Passive only ftp being yet another thing
that the end-user can then do wrong. And passive ftp interferes
with secure (default-deny) firewalling on the client end unless
the reverse ftp-proxy hoop is jumped through there.
You wind up spending nearly as much time configuring the ftp
firewalling as you do all the rest of the firewall.
Karl <kop@xxxxxxxx>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
Karl <kop@xxxxxxxx>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
