On 05/20/2014 06:55:39 AM, Nico Kadel-Garcia wrote:

> If you *must* do this sort of thing, I'd urge running it on a separate
> sshd, with a separate sshd_config, running on another port, just to
> keep it away from your SSH logins for other users and other uses. If
> you're not compelled for other reasons to use this, vsftpd with FTPS
> is a *lot* easier to set up.

Firewalling excepted. Properly firewalling ftp is, grody. And, if
you're serious (default-deny), requires a ftp proxy and passive-only
ftp. Passive only ftp being yet another thing that the end-user can
then do wrong. And passive ftp interferes with secure (default-deny)
firewalling on the client end unless the reverse ftp-proxy hoop is
jumped through there.

You wind up spending nearly as much time configuring the ftp
firewalling as you do all the rest of the firewall.

Karl <kop@xxxxxxxx>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev