> On Tue, 2 Aug 2005 00:23:48 +0200 (CEST), [EMAIL PROTECTED]
> wrote:
>
>>> On Mon, 1 Aug 2005 12:49:49 -0500, "Bob Bostwick \(Lists\)"
>>> <[EMAIL PROTECTED]> wrote:
>>>
>>>> I am implementing an FTP server and need it to use SSL/TLS. I
>>>> know ftpd doesn't support this, and was wondering if anyone had any
>>>> suggestions on an alternative. I know SFTP exists, but that is not an
>>>> option, as the clients are not going to change. I know pure-ftpd
>>>> supports this, but didn't know if there was anything better or not.
>>>
>>> As you already seem to know, the best answer is to use something
>>> that's reasonably secure like SFTP.
>>>
>>> Since FTP over SSL/TLS is going to require configuration changes on
>>> the client side and possibly upgrades of client-side software, why not
>>> just require a new client that supports SFTP?
>>>
>>> There are free SFTP clients out there for most platforms, heck there's
>>> even at least one free client for MS-Windows (FileZilla on sourceforge
>>> comes to mind).
>>>
>>> You're talking about hanging yet another box on the net supporting an
>>> outdated, insecure and most importantly, difficult (often blocked or
>>> messed up by NAT) protocol. Wrapping FTP in SSL/TLS does help some of
>>> the problems but it does not solve all of them.
>>>
>>> Kind Regards,
>>> JCR
>>
>> I'm sorry but there's no e.g. official "AnnonSFTP"-Patch/Modification for
>> OpenSSH. As far as I know you're not able to split the SFTP from the
>> SSH-Account (I don't mention any unofficial Patches which may work).
>>
>> That's why FTPS-Servers, or at least FTP-Servers which support SSL/TLS, are
>> still in use. The best example is maybe the AnonCVS-"Hack" you've to apply
>> if you wanna set up an AnonCVS-Server.
>> So as far as I know every SFTP-User needs an SSH-Account.
>> FTP-Servers have often a separated Account-File which isn't related to the
>> official System-Accounts at the Server.
>>
>> Kind regards,
>> Sebastian
>
> Thanks Sebastian. You stated important info that I failed to mention.
>
> I don't mean to be confrontational but personally I didn't think there
> was any point in securing anon/public access?
>
> Since the original poster is trying to secure logins, anon/public
> access is kind of outside of the scope -probably the reason why I
> forgot to mention the ssh accounts. ;-)
>
> JCR

Yes but why shouldn't "we" secure anonymous-connections also?
Or if I do e.g. a little Webhosting Service. I won't give my users an SSH so
I've to choose FTPS even if it's not as secure as SFTP. So it doesn't just deal
with anonymous connections.

Kind regards,
Sebastian