Sorry for answering this off topic post. > you could have "vsftpd" to support FTPS rather than SFTP In the past we offered FTPS to our industry clients, but my collegues which admister the old FTPS server told that FTPS would often be problematic with customers because of firewall/port/certificate issues or something like that (I do not know FTPS), so we migrate customers from FTPS to SFTP, which has simply one TCP port (and luckily, PKI is not established in practice with OpenSSH!). (if customers insist to use FTPS they can use it on the old server, though) > convince your user community to switch to FTPS enabled clients Well we do not have a "user community" but industry clients, some of them big companies, so to change this is practically impossible. The decision for SFTP was made ten years ago, and we need to support SFTP for decades now on :) It took years to achieve the sftp service to become reasonably robust stable, there popped up many problems through the years which was then fixed, and with so many customers you experience ever new unexpected fancy client behaviour. And then we have the forwarding from the sftp service to the backend processing and back, which is also not trivial. Just to mention, 18 million files transferred via SFTP last month: inbound 8 252 591 outbound 10 074 881 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev