Re: using OpenSSH/SFTP to replace an FTP server securely


 



On 05/20/2014 06:55:39 AM, Nico Kadel-Garcia wrote:

> If you *must* do this sort of thing, I'd urge running it on a separate
> sshd, with a separate sshd_config, running on another port, just to
> keep it away from your SSH logins for other users and other uses. If
> you're not compelled for other reasons to use this, vsftpd with FTPS
> is a *lot* easier to set up.

Firewalling excepted.  Properly firewalling ftp is, grody.
And, if you're serious (default-deny), requires an ftp proxy
and passive-only ftp.  Passive-only ftp being yet another thing
that the end-user can then do wrong.  And passive ftp interferes
with secure (default-deny) firewalling on the client end unless
the reverse ftp-proxy hoop is jumped through there.

You wind up spending nearly as much time configuring the ftp
firewalling as you do all the rest of the firewall.

Karl <kop@xxxxxxxx>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein




_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



