Ed Wilts wrote:
> In many cases, ftp is *more* secure than sftp. With ftp, you have a lot of control over who can do what through the ftpaccess file (in wu-ftpd). With sftp, it's a free-for-all. In very practical terms, the odds of anybody being able to sniff passwords these days are very slim. The odds of somebody grabbing your passwd file if they've got sftp access to your system are much larger.

Maybe we could discuss this off-list. I don't see how sftp is a 'free-for-all', unless it is configured to bypass the user login and password.
Default RedHat installation requires a username and a password for sftp connections. A normal user could grab my passwd file, but not the shadow passwd file, so I don't see how that would do them much good.
I am not a security expert, nor a cracker/hacker. I would like to learn more, so if you have some time, please email me privately and elaborate.
rk
-- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list