William Jensen wrote:
>
> Can anyone shed any light upon the likely security risks I would run using
> proftpd vs sftp? From what I can tell sftp is for users only and it sets
> up an encrypted connection before any passwords/user names are sent. That's
> great, but how secure is this against hackers? Any different than proftpd?

i wouldn't use proftpd period. it has a history of security problems, and (according to some bugtraq posters) is not designed with security in mind (despite what their webpage says). most/all of the "known" holes are covered, but that doesn't mean it's secure.

if i were to use a ftp server i would use 'ftpd' which is a port from openbsd. very simple, small, secure server. not much on features but it works. i wouldn't use anything else in an untrusted environment.

as far as secure transfers go i use scp which uses ssh connections/authentication. if you want to keep 'hackers' out, i suggest using it and disabling password authentication in SSH and force RSA passphrase authentication. of course this requires you have knowledgeable users (or you tell them how to create passphrases and stuff)

nate

--
:::
ICQ: 75132336
http://www.aphroland.org/
http://www.linuxpowered.net/
[EMAIL PROTECTED]
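
An added example, not part of the post above: a small check that an sshd_config really has password logins switched off, as the reply suggests. The sample configs are constructed, the fallback defaults are assumed to be upstream OpenSSH's, and the function names are hypothetical.

```python
# Added example: audit sshd_config text for settings that still allow passwords.
DEFAULTS = {  # assumption: upstream OpenSSH defaults; a distribution may differ
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",  # PAM can prompt for a password here
    "pubkeyauthentication": "yes",
}
# Older configs use this name for the keyboard-interactive switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
WANTED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Global settings as sshd reads them: the first value for a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks follow; review those separately
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return one finding per setting that differs from WANTED (empty = OK)."""
    eff = effective_settings(config_text)
    return sorted(f"{k} is {eff[k]}, want {v}"
                  for k, v in WANTED.items() if eff[k] != v)

# Constructed samples, not taken from any real host.
SAMPLE_WEAK = """\
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
"""
SAMPLE_HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""
if __name__ == "__main__": print(audit(SAMPLE_WEAK), audit(SAMPLE_HARDENED))
```

The weak sample fails twice: the later `PasswordAuthentication no` is ignored because the first value wins, and keyboard-interactive authentication is left at its default.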