FTP Server

Greg fedora at packetstorm.org
Mon Feb 2 03:08:50 UTC 2004


I would not call it narrow minded. I think he was pointing at that using
encryption over clear-text services is better. Of course maybe I am
wrong in how I read it.

But I do think something important was missed. Just because SFTP/SCP
uses encryption does not make it MUCH more secure when looked at in how
I read the context of the original post.

The original post sounded to me like he was referring to the wu-ftp and
pro-ftpd past security exploits. Well, is not Sftp and SCP part of the
OpenSSH project? If so, there have been security vulnerabilities in
OpenSSH which I would think could affect SFTP and SCP.

Therefore, based on security vulnerabilities alone, I do not see how
sftp is much better than other ftp daemons.

But if the question was what should I use to ftp files to my remote
server over an untrusted link (btw, consider all links untrusted even
your own) then using a clear-text based ftp service is not the way I
would recommend doing it. Instead use sftp.

-greg

On Sun, 2004-02-01 at 13:02, Cowles, Steve wrote:
> Jason Dixon wrote:
> > On Sun, 2004-02-01 at 13:06, Nicholas Evans wrote:
> >> Hello,
> >> 
> >>     I've heard quite a few FTPd horror stories, and I was wondering -
> >> What is the most secure and reliable FTPd to use? The one that comes
> >> with Fedora, or something else? I've been looking on google, but I
> >> want some opinions. Thanks!
> > 
> > There is no such thing as a secure ftp server.  I highly suggest you
> > look into sftp/scp via OpenSSH.
> > 
> 
> Despite Jason's rather narrow minded view of what constitutes a secure
> service... I have been running pute-ftpd for a couple of years now. To this
> day, I have not regretted that decision.
> 
> Checkout: http://www.pureftpd.org
> 
> They even supply RPM's.
> 
> Steve Cowles
> 





More information about the fedora-list mailing list