> Proftpd does support SSL/TLS. It's a module that comes with it, it's > just not enabled by default. Some nice docs here: > http://www.castaglia.org/proftpd/modules/mod_tls.html > http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html Actually... it's enabled by default, that's why it says 'no certificate found' when you start it the first time. Neither sftp nor anything else is a 'drop-in' replacement for ftp.
The only problem with TLS/SSL in ftp is that there are not that many clients that support that - there are NONE in woody. You need to backport lftp from sid or compile it yourself ( I've got my backport available from http://eyck.forumakad.pl/woody ./ ) There are few other options - tlswrap changes every passive-capable ftp client into TLS-capable ftp client, there is this nice POSIX/Windoze lundfxp client etc.. The way I see it, sftp is way less secure way of providing access to files then tls/ftp, you see, you need to create valid ssh-able accounts for all your users, then it'll take you some time to secure those accounts just a bit ( scp-only acount? - great, if you wanna play around and compile special shell... there is no scp-shell in woody, there is one in sid. Is it safe enough? Who knows ). With ftp users need no shell, need no nothing. I create unlimited number of users and worry not.... -- Dariush Pietrzak, I ain't the sharpest tool in a shed. Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
