On 10/06/2010 05:33 PM, Paul Cartwright wrote:
On Wed October 6 2010, Rick Stevens wrote:
so, is it better to ftp over SSL or sftp using ssh?
As others have said, chrooting FTPS is easier than chrooting ssh and its kin. sftp also infers ssh must be available as well. I don't know if that's true or not. If it is and someone guesses your password, then they get a shell via ssh. Depends on how paranoid you are.
I'm... a small home user, and not at all familiar with chrooting, should I be using it too? as for the guessing my password, that is a good point. Though I do not do that as root, still, that would allow access to my system.
It depends on how secure you wish to be. If your site is going to get a lot of traffic or you're going to have a lot of different people uploading to you, yes, I'd consider a chroot environment (a.k.a. chroot jail). The details of a chroot jail are available elsewhere and I won't go into the details here.
FTPS has the ability to use three different encryption things: no encryption, encryption of just the control channel or encryption of both control and data connections. vsftpd allows you to run both regular FTP and FTPS using the same daemon and there's no possibilty of an outsider getting a shell.
vsftpd, I'll have to check that out. thanks for the tips& info, always good to learn new useful apps..
It's up to you. We use sftp for most things here, but I've had a lot of clients in the past want FTP/FTPS. As for the paranoia thing:
"Just because I'm paranoid doesn't mean they AREN'T out to get me!"
that's exactly how I think when I'm out on my motorcycle:)
---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, C2 Hosting ricks@nerd.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - Give me ambiguity or give me something else! - ----------------------------------------------------------------------