I shut off FTP access in January and lost about 10% of my Web-hosting users. It seems almost all of them are on MS-Windows, and they have ongoing problems with their SSH/SFTP clients WinSCP[23] and psftp.exe. I don't want to bring back plain-old FTP because of the clear text password problem. But most of these people have commercial Windoze FTP clients that support some flavor of RFC2228 FTP security extensions. Of course, they are "not technical" and do not know which extensions they can use. All they know is someone sold them a "secure FTP program" and they can't understand why I want them to dump it and use the known-to-be-broken WinSCP instead.
Is there an FTP server in woody that I can configure to refuse plain-old FTP but allow those clients who do an FTP AUTH before an FTP PASS ? That is, I want to hang up on FTP clients that don't offer AUTH before they expose a password. Then I want to authorize those FTP users whose clients know how to do the defacto standard encrypted login. I'm not concerned about man-in-the-middle attacks; I just want to defeat evesdroppers observing clear text passwords. Has anyone here done it? What did you use? TIA Cameron -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]