FTP Server
Greg
fedora at packetstorm.org
Mon Feb 2 03:08:50 UTC 2004
I would not call it narrow minded. I think he was pointing at that using
encryption over clear-text services is better. Of course maybe I am
wrong in how I read it.
But I do think something important was missed. Just because SFTP/SCP
uses encryption does not make it MUCH more secure when looked at in how
I read the context of the original post.
The original post sounded to me like he was referring to the wu-ftp and
pro-ftpd past security exploits. Well, is not Sftp and SCP part of the
OpenSSH project? If so, there have been security vulnerabilities in
OpenSSH which I would think could affect SFTP and SCP.
Therefore, based on security vulnerabilities alone, I do not see how
sftp is much better than other ftp daemons.
But if the question was what should I use to ftp files to my remote
server over an untrusted link (btw, consider all links untrusted even
your own) then using a clear-text based ftp service is not the way I
would recommend doing it. Instead use sftp.
-greg
On Sun, 2004-02-01 at 13:02, Cowles, Steve wrote:
> Jason Dixon wrote:
> > On Sun, 2004-02-01 at 13:06, Nicholas Evans wrote:
> >> Hello,
> >>
> >> I've heard quite a few FTPd horror stories, and I was wondering -
> >> What is the most secure and reliable FTPd to use? The one that comes
> >> with Fedora, or something else? I've been looking on google, but I
> >> want some opinions. Thanks!
> >
> > There is no such thing as a secure ftp server. I highly suggest you
> > look into sftp/scp via OpenSSH.
> >
>
> Despite Jason's rather narrow minded view of what constitutes a secure
> service... I have been running pute-ftpd for a couple of years now. To this
> day, I have not regretted that decision.
>
> Checkout: http://www.pureftpd.org
>
> They even supply RPM's.
>
> Steve Cowles
>
More information about the fedora-list
mailing list