On Tue, 2 Aug 2005 00:23:48 +0200 (CEST), [EMAIL PROTECTED] wrote: >> On Mon, 1 Aug 2005 12:49:49 -0500, "Bob Bostwick \(Lists\)" >> <[EMAIL PROTECTED]> wrote: >> >>> I am implementing an FTP server and need it to use SSL/TLS. I >>>know ftpd doesn't support this, and was wondering if anyone had any >>>suggestions on an alternative. I know SFTP exists, but that is not an >>>option, as the clients are not going to change. I know pure-ftpd >>>supports this, but didn't know if there was anything better or not. >> >> As you already seem to know, the best answer is to use something >> that's reasonably secure like SFTP. >> >> Since FTP over SSL/TLS is going to require configuration changes on >> the client side and possibly upgrades of client-side software, why not >> just require a new client that supports SFTP? >> >> There are free SFTP clients out there for most platforms, heck there's >> even at least one free client for MS-Windows (FileZilla on sourceforge >> comes to mind). >> >> You're talking about hanging yet another box on the net supporting an >> outdated, insecure and most importantly, difficult (often blocked or >> messed up by NAT) protocol. Wrapping FTP in SSL/TLS dose help some of >> the problems but it does not solve all of them. >> >> Kind Regards, >> JCR > >I'm sorry but there's no e.g. official "AnnonSFTP"-Patch/Modification for >OpenSSH. As far as I know you're not able to splitt the SFTP from the >SSH-Account (I don't mention any unofficial Patchs wich may work). > >That's why FTPS-Servers, or at least FTP-Servers wich support SSL/TLS, are >still in use. The best example is maybe the AnonCVS-"Hack" you've to apply >if you wanna set up an AnonCVS-Server. >So as far as I know every SFTP-User needs an SSH-Account. >FTP-Servers have offen a seperated Account-File wich isn't related to the >official System-Accounts at the Server. > >Kind regards, >Sebastian
Thanks Sebastian. You stated important info that I failed to mention. I don't mean to be confrontational but personally I didn't think there was any point in securing anon/public access? Since the original poster is trying to secure logins, anon/public access is kind of outside of the scope -probably the reason why I forgot to mention the ssh accounts. ;-) JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?