If not else, you might wanna consider using stunnel for vsftpd too to get it over SSL for the users by pre-sharing the certs.
So you wouldn't even have to change much at all in your configuration. Cheers, Andras On Fri, 08 Jun 2012 16:46:56 +0200 Dennis Schridde <devuran...@gmx.net> wrote: > Hello everyone! > > Am Freitag, 8. Juni 2012, 08:44:35 schrieben Sie: > > And in this day and age with password sniffing > > going on over local networks by zombied machines and happening as a > > matter of government policy worldwide in data centers, and the > > historic firewall wackiness with FTP's 2 channel communications, > > *WHY* is your client using FTP for anything that is password based? > > You can cross-hook it to normal logins, true, but this is a really > > bad idea for basic security reasons and should be avoided wherever > > feasible. > Thanks for that hint! > > I just found that old server and decided to move the service onto a > new host (and non EOL distro) to integrate it with the rest of the > infrastructure (and get security updates). I will suggest to the > clients to use another service that is less of a security problem. > > > Or are they using FTPS? > So far I found no client that reliably supports FTPS. Especially > nothing that comes with the OS "by default" (I tried Chrome, Firefox, > KDE/Dolphin). Can you suggest one? > > Kind regards, > Dennis Schridde
signature.asc
Description: PGP signature