Re: Proftpd+SSL/TLS!!!

Fri, 02 Aug 2002 00:43:48 -0500 

Hi,

Sorry if this has been said. I haven't been following the thread, but why not setup stunnel and run proftpd through that? I've done it here for mail and it works great (even with qmail and daemontools), so I see no reason why you couldn't do the same for FTP

Dave

At 14:32 1/08/2002 +0200, Jones Down wrote: 
Hi,

> Does anyone knows Proftpd+SSL/TLS was official idea from Proftpd ????

Itīs  something  I  absolutely  donīt  understand:  the  developers of
proftpd  are  not  supporting  this,  donīt  ask  me  why, itīs a real
problem...   unfortunately   I  am  no  C-Coder,  so  I  would  do  it
myself...*sigh*  ...  proftpd  has  really nice features (mysql lookup
e.g.), but NO SSL, and theres no ssl on the roadmap.

> Anyone got ideas as to the nature/solution of this problem?   ;-)

Well you could do a

apt-get install ftpd-ssl

but  then  you do not have all that nice advanced features of proftpd,
afaik no mysql-backend.

Also there is one bsd-ftp that can be found here:

http://bsdftpd-ssl.sc.ru/

it  uses pam for authentication, so somehow also keeping your users in
a mysql-db should be possible, but I didnīt get it to work.

My  alternative  is to use ssh, there is a really beatiful win-prog to
use scp, looks like mc, can be found here:

http://winscp.vse.cz/eng/

but  then  again  you  should setup a chroot environment, because itīs
still   not   possible   to restrict access to a directory with ssh as
tight  as  with some ftp-servers, because ssh needs some libraries and
stuff,  so  there  will be always more then just one upload-dir to see
for  the users. Also donīt forget, that with ssh you users have a full
shell account, so building that jail should be done with real care. In
most  cases itīs more than you want to give them - what again makes me
cry about missing ssl in proftpd :(

generally I also really would be happy, if one of the "big boys" could
tell  us  how  to  do  it  and  which  tools to setup, to get a secure
ftpd.  A nice solution would be to have mysql-backed virtual users for
ease of administration.

Have a nice day,
Jones


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to