why would using "sftp" require disabling "vsftpd"?
Tim Evans
tkevans at tkevans.com
Thu Feb 6 22:51:39 UTC 2014
On 02/06/2014 05:38 PM, Robert P. J. Day wrote:
>
> again, reading RHEL 7-beta docs and here:
>
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/System_Administrators_Guide/s1-ssh-configuration.html
>
> one reads:
>
> "For SSH to be truly effective, using insecure connection protocols
> should be prohibited. Otherwise, a user's password may be protected
> using SSH for one session, only to be captured later while logging in
> using Telnet. Some services to disable include telnet, rsh, rlogin,
> and vsftpd."
>
> never having used sftp before, i'm confused ... isn't sftp simply a
> secure ftp client? and if so, why would one want to disable vsftpd? i
> would still need an ftp server, would i not? can someone clarify what
> that passage is saying? thanks.
Actually 'sftp' is a special interface to ssh that looks and acts like
ftp, but doesn't use the ftp protocol. You do not need to maintain a
vsftpd server to support folks using sftp.
--
Tim Evans | 5 Chestnut Court
Linux/UNIX Consulting | Owings Mills, MD 21117
http://www.tkevans.com/ | 443-394-3864
tkevans at tkevans.com
More information about the users
mailing list