From: [EMAIL PROTECTED] To: Dariush Pietrzak <[EMAIL PROTECTED]> Subject: Re: recommendations for FTP server Date: Sat, 21 Jun 2003 01:09:45 +0000
I know about SSL/TLS support in Proftp, the only problem is that few clients support it (thanks fot the link to the Woody backport). I would use it if I could find clients that are supported by multiple OSes. Are there any SSL/TLS clients for Windows, OS X or Mac 9x? > > Proftpd does support SSL/TLS. It's a module that comes with it, it's > > just not enabled by default. Some nice docs here: > > http://www.castaglia.org/proftpd/modules/mod_tls.html > > http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html > Actually... it's enabled by default, that's why it says 'no certificate > found' when you start it the first time. > Neither sftp nor anything else is a 'drop-in' replacement for ftp. > > The only problem with TLS/SSL in ftp is that there are not that many > clients that support that - there are NONE in woody. You need to backport > lftp from sid or compile it yourself ( I've got my backport available from > http://eyck.forumakad.pl/woody ./ ) > There are few other options - tlswrap changes every passive-capable ftp > client into TLS-capable ftp client, there is this nice POSIX/Windoze > lundfxp client etc.. > > The way I see it, sftp is way less secure way of providing access to files > then tls/ftp, you see, you need to create valid ssh-able accounts for all > your users, then it'll take you some time to secure those accounts just a > bit ( scp-only acount? - great, if you wanna play around and compile > special shell... there is no scp-shell in woody, there is one in sid. > Is it safe enough? Who knows ). > With ftp users need no shell, need no nothing. I create unlimited number > of users and worry not.... > > -- > Dariush Pietrzak, > I ain't the sharpest tool in a shed. > Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
