On Mon, Mar 14, 2005 at 11:42:07AM +0100, Padiyath Sreekumaran wrote:
>
> At present we are using ProFTPD on our ftp server.
> On this server we have anonymous ftp access as well
> as access to predefined project users (via projectname/password).
> These people also access via ftp. Our security person likes to have
> sftp instead of ftp access to these project accounts. I have NOT
> configured this server.
> I would like to know the following:
>
> Is it possible to use anonymous ftp as well as sftp
> access to the same ftp server? If possible, how does one have to
> configure the FTP server?

sftp and ftp are totally different servers and are not related to each
other at all. sftp isn't a secure version of ftp - it's simply an ssh
server that emulates some ftp commands.

> Is there a better FTP SW (more secure) than ProFTPD for server usage?

All FTP servers basically have the same issue - the data and control
traffic are in plain text, and that's your security person's concern.
ProFTPd (and others) support TLS which provides an encryption layer
inside of the FTP server. In some cases these work fairly well. In other
cases, they don't work at all because of the restrictions in the FTP
protocol. Search for TLS on the proftpd.org site. For example, see
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html

Sftp has its own set of limitations. For example, Red Hat does not
currently offer an sftp server that allows you to configure any sort of
restrictions at all. Given sftp access to the server, your customers
could easily turn your system into an instant pirate site by using /tmp
as a transfer location. They could retrieve all of your pam
configuration files to see if you disable accounts after a predetermined
number of failed logins. They could then retrieve /etc/passwd and issue
a complete denial of service on your system by disabling all of your
accounts.

It's limitations like this that actually make ftp *more* secure than
sftp in many environments even with the unencrypted traffic.

You may want to consider using gpg to encrypt your data traffic. Your
username/password information still flows in plain text, but the data is
encrypted. You still have the powerful configuration directives in
ProFTPd.

> We are using RedHat as OS on the FTP server.

Red Hat is a company, not an OS. There are many versions of their
distributions and you can look at /etc/redhat-release to see which one
you are running. In this case, however, the specific version doesn't
matter.

--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
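An added example, not part of the thread above, of the mod_tls setup that the linked TLS HOWTO describes: the project accounts must log in over TLS, while the anonymous area stays plain FTP so public downloads keep working. Certificate and key paths, the log path and the client limit are assumptions.

```apache
# Added example: ProFTPD mod_tls fragment (not from the original message).
# Goal: password-based project logins require TLS; anonymous stays plain FTP.
# Assumed: mod_tls is compiled in; certificate, key and log paths are placeholders.

<IfModule mod_tls.c>
    TLSEngine                  on
    TLSLog                     /var/log/proftpd/tls.log
    TLSProtocol                TLSv1

    # Server certificate and private key (placeholder paths).
    TLSRSACertificateFile      /etc/proftpd/ssl/server.crt.pem
    TLSRSACertificateKeyFile   /etc/proftpd/ssl/server.key.pem

    # Clients authenticate with a password over TLS, not with a certificate.
    TLSVerifyClient            off

    # Weak setting: "TLSRequired off" lets project users send USER/PASS
    # and file data in the clear. Corrected: require TLS on control
    # and data channels for every non-anonymous login.
    TLSRequired                on
</IfModule>

# The anonymous area overrides the global TLS requirement, so existing
# anonymous clients continue to connect without AUTH TLS.
<Anonymous ~ftp>
    User                       ftp
    Group                      ftp
    UserAlias                  anonymous ftp
    RequireValidShell          off
    MaxClients                 10
    <Limit WRITE>
        DenyAll
    </Limit>
    <IfModule mod_tls.c>
        TLSRequired            off
    </IfModule>
</Anonymous>
```

After a restart, a plain-FTP login as a project user is refused until the client issues AUTH TLS, which is the check that confirms the directive took effect.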