> another potential problem with FTPS vs. SFTP is > firewalling. SFTP needs just one port, FTPS needs > several, as its really just 'good' ole ftp. And I > would certainly be curious how you would proxy an > encrypted ftp connection.... > > -Matt
You're right but there's no official Solution for SFTP. And who wanna use a non-official patch? I've not the time to review them and I guess most of the guys here don't have the time either. :-/ And you're absolutly right. If you provide FTPS you also provide all the security problems related to the FTP-Protocol. But better touse stunnel and the ftpD (or another ftpD with build in support of SSL) as to risk to get compromised by any "SSH"-Patch. Btw: Because providing anon-SFTP-Acces: In a time where mostly everybody is observed just because any anti-terror-law in any country I think it's also importent to secure even anonymous-provided Services like e.g. "Anon-SFTP". I wont have the feeling that everybody reads my mail even everybody can know that I send an e-Mail to e.g. my grand-mother. That is just my oppinion. And that's why I personaly would be happy to get such a "official"-SFTP-only "hack" even I can't do it myself. Maybe the chance that OpenSSH gets an own official RFC grow up if the protocol itself spreads more and more. :) Because as far as I know there's no official RFC. Kind regards, Sebastian
