ftp server
Ed Wilts
ewilts at ewilts.org
Fri Dec 17 19:01:58 UTC 2004
On Fri, Dec 17, 2004 at 09:43:05AM -0800, Nifty Hat Mitch wrote:
> I happen to like vsftpd as suggested by Alexander.
> You should also know that there are additional ftp choices.
> One important one to consider is sftp/sftp-server:
This isn't ftp at all - it's ssh with an ftp-like front-end.
The File Transfer Protocol (FTP) is well documented in the RFCs and it's
clear that sftp doesn't follow this protocol.
sftp is an alternative file transfer mechanism but it has a large enough
security hole in it (by default) that you can not possibly allow
untrusted users to use it.
> You should do some additional package searching so you
> understand why we recommend vsftpd and also why most
> of us turn off almost all forms of ftp and block ftp at
> our firewall.
Those of us who have to run large production FTP servers do not run
vsftpd for non-anonymous connections - it's horribly weak in its
configurability and by this nature alone, I consider it a security hole.
What it does it may do securely, but again, you can only use vsftpd with
a trusted user base.
There are far better FTP servers for untrusted clients out there,
including wu-ftpd and ProFTPd. Red Hat, even with its enterprise
product, has chosen not to provide an enterprise-quality FTP server.
--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program
More information about the fedora-list
mailing list