using OpenSSH/SFTP to replace an FTP server securely
Karl O. Pinc
kop at meme.com
Wed May 21 01:38:51 EST 2014
On 05/20/2014 06:55:39 AM, Nico Kadel-Garcia wrote:
> If you *must* do this sort of thing, I'd urge running it on a separate
> sshd, with a separate sshd_config, running on another port, just to
> keep it away from your SSH logins for other users and other uses. If
> you're not compelled for other reasons to use this, vsftpd with FTPS
> is a *lot* easier to set up.
Firewalling excepted. Properly firewalling ftp is grody.
And, if you're serious (default-deny), requires an ftp proxy
and passive-only ftp. Passive-only ftp being yet another thing
that the end-user can then do wrong. And passive ftp interferes
with secure (default-deny) firewalling on the client end unless
the reverse ftp-proxy hoop is jumped through there.
You wind up spending nearly as much time configuring the ftp
firewalling as you do all the rest of the firewall.
Karl <kop at meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
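
The separate-instance setup suggested in the quoted text above, sketched as an added example that is not part of either message or of the OpenSSH project. The file name sshd_config_sftp, port 2222, the group sftponly and the /srv/sftp path are assumptions.

```conf
# /etc/ssh/sshd_config_sftp  (hypothetical file name)
#
# Second sshd instance used only for file transfer, started separately
# from the main daemon that serves interactive logins:
#   /usr/sbin/sshd -t -f /etc/ssh/sshd_config_sftp    (syntax check only)
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_sftp       (run the instance)

# Assumed port. SFTP runs entirely over this one TCP connection, so a
# default-deny firewall needs a single inbound rule for it and no
# FTP-style proxy or passive-port handling.
Port 2222

# Assumed path; keeps this instance from overwriting the main daemon's pid file.
PidFile /run/sshd_sftp.pid

# In-process SFTP server: needs no shell, binaries or libraries inside the chroot.
Subsystem sftp internal-sftp

# Only file-transfer accounts may authenticate here (assumed group name).
AllowGroups sftponly
PermitRootLogin no

# Every session on this instance is forced into SFTP, whatever the client asks for.
ForceCommand internal-sftp

# Assumed layout, one directory per user. Every component of this path
# must be owned by root and not writable by any other user or group,
# or sshd refuses the session.
ChrootDirectory /srv/sftp/%u

# No terminals, forwarding or tunnels through the file-transfer port.
PermitTTY no
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
```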
More information about the openssh-unix-dev
mailing list