Re: What is the most secure FTP server?
Camaleón noela...@gmail.com wrote: In brief, for: - Server managing purposes (SSH) - File transfers for system users with shell access (SFTP) - Remote/external file transfers with no shell access (FTPS) Also file transfers for system users, without shell access (SFTP). There is a surprising amount of flexibility available in the configuration; I suggest you might like to re-read sshd_config and in particular uses of internal-sftp. Regards, Chris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/o78p48xcqu@news.roaima.co.uk
Vsftpd and TLS (was: What is the most secure FTP server?)
On Thu, 10 Mar 2011 22:50:16 -0500, Robert Blair Mason Jr. wrote: Quick question for those of us running anonymous ftp: Is it possible to configure vsftpd to allow unencrypted anonymous sessions, but require encryption for all user sessions? I've looked at the configuration but all of the encryption settings seem to be global (no configuration on a per-user/group basis). I've not tested, but the involved variables should be: # to globally enable SSL (if client request it) ssl_enable=YES # this is the default value if not set force_local_data_ssl=YES # this is the deafult value if not set force_local_logins_ssl=YES # this is the default value if not set allow_anon_ssl=NO Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.03.11.16.33...@gmail.com
Re: What is the most secure FTP server?
On Fri, 11 Mar 2011 09:56:40 +, Chris Davies wrote: Camaleón noela...@gmail.com wrote: In brief, for: - Server managing purposes (SSH) - File transfers for system users with shell access (SFTP) - Remote/external file transfers with no shell access (FTPS) Also file transfers for system users, without shell access (SFTP). There is a surprising amount of flexibility available in the configuration; I suggest you might like to re-read sshd_config and in particular uses of internal-sftp. Sure, there are many variations that you can apply for each of those options. Note the in brief I added, I was trying to give a big picture of all the possibilities without entering into the specifics, that's up to the user and his requirements. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.03.11.16.56...@gmail.com
What is the most secure FTP server?
I understand that regular FTP has inferior security due to the lack of encryption. So I'm looking for an alternative to use on my home server. What is your favorite alternative and why? Implicit FTPS? SFTP? FTP over SSH? Or something else? -- Jason Hsu jhsu802...@jasonhsu.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110310095632.ea960454.jhsu802...@jasonhsu.com
Re: What is the most secure FTP server?
On Thu, 10 Mar 2011 09:56:32 -0600, Jason Hsu wrote: I understand that regular FTP has inferior security due to the lack of encryption. So I'm looking for an alternative to use on my home server. An alternative to FTP can be SSH. But you can still secure your FTP server by adding TLS (most of the major FTP packages provide that functionality). I personally like Vsftp. What is your favorite alternative and why? Implicit FTPS? SFTP? FTP over SSH? Or something else? That depends... SSH is very powerful for admins (with full login capabilities or for system users with shell access) but to allow external/ remote users to just upload some files securely you can use FTPS. In brief, for: - Server managing purposes (SSH) - File transfers for system users with shell access (SFTP) - Remote/external file transfers with no shell access (FTPS) Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.03.10.16.16...@gmail.com
Re: What is the most secure FTP server?
my favorite alternative to ftp? YES! all, everything, anything. hell, dropbox is better than ftp. but, just fire up your ssh server and out of the box, you've got tons of features - including file transfer. here's another suggestion: don't, under any circumstances, ever use ftp. for clients on non-unix boxes, look at winscp or cyberduck. On Thu, Mar 10, 2011 at 10:56 AM, Jason Hsu jhsu802...@jasonhsu.com wrote: I understand that regular FTP has inferior security due to the lack of encryption. So I'm looking for an alternative to use on my home server. What is your favorite alternative and why? Implicit FTPS? SFTP? FTP over SSH? Or something else? -- Jason Hsu jhsu802...@jasonhsu.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110310095632.ea960454.jhsu802...@jasonhsu.com
Re: What is the most secure FTP server?
On Thu, 10 Mar 2011 09:56:32 -0600, Jason Hsu writes: I understand that regular FTP has inferior security due to the lack of encryption. So I'm looking for an alternative to use on my home server. What is your favorite alternative and why? Implicit FTPS? SFTP? FTP over SSH? Or something else? vsftpd is just rocking, but if I were you, I'd stick with OpenSSH. I'd create an sftp group for just FTP users, and jail SSH connections coming from users in sftp group into their home directory. (See here[1] for details.) Regards. [1] http://www.techrepublic.com/blog/opensource/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/229 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/871v2e6hp1@alamut.ozu.edu.tr
Re: What is the most secure FTP server?
Hello Jason, From: Jason Hsu jhsu802...@jasonhsu.com Date: Thu, 10 Mar 2011 09:56:32 -0600 What is your favorite alternative and why? Implicit FTPS? SFTP? FTP over SSH? Or something else? Another possibility is to firewall your LAN and use an ftp with satisfactory features. You will find that plain FTP and telnet are faster than any SSH. Significant if you use the connections several times a day. Of course, if the connection is rarely used, responsiveness is no concern. Regards, ... Peter E. -- Telephone 1 360 450 2132. Shop pages http://carnot.yi.org/ accessible as long as the old drives survive. Personal pages http://members.shaw.ca/peasthope/ . -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/171056938.38627.33134@cantor.invalid
Re: What is the most secure FTP server?
On Mar 10, 2011 12:27 PM, peasth...@shaw.ca wrote: Hello Jason, From: Jason Hsu jhsu802...@jasonhsu.com Date: Thu, 10 Mar 2011 09:56:32 -0600 What is your favorite alternative and why? Implicit FTPS? SFTP? FTP over SSH? Or something else? Another possibility is to firewall your LAN and use an ftp with satisfactory features. You will find that plain FTP and telnet are faster than any SSH. Significant if you use the connections several times a day. Of course, if the connection is rarely used, responsiveness is no concern. Ok, my gut tells me that plain text protocols might be faster than encrypted ones. However, I have no data to back this up and have never noticed 'significant' differences between rsync and rsync+ssh. Do you have this benchmark or are you just going by gut reaction too?
Re (2): What is the most secure FTP server?
From: shawn wilson ag4ve...@gmail.com Date: Thu, 10 Mar 2011 13:20:26 -0500 Ok, my gut tells me that plain text protocols might be faster than encrypted ones. However, I have no data to back this up and have never noticed 'significant' differences between rsync and rsync+ssh. Do you have this benchmark or are you just going by gut reaction too? Referring to http://142.103.107.138/NetworksPage.html , Dalton is an IBM NetVista 6578-RAU and Cantor is generic PC labeled CE'96[sic]. Desktops.OpenDoc telnet://peter@dalton.invalid/ on Cantor opens to the prompt in about 4 s, depending on what Dalton is doing. Desktops.OpenDoc ssh://peter@dalton.invalid/ on Cantor opens to the prompt in about 15 s. What are the timings in your network? This argument is similar to the one about electronic submission to the IRS. Someone is bound to pipe up that the Deep Blue workstation in his study opens SSH to the Tianhe-1 in his basement in 17 ms. Therefore everyone should always use an encrypted protocol rather than FTP or telnet. My reply was simply a possibility for Jason to consider. And of course, instinct taste usually trump reason. Best regards, ... Peter E. -- Telephone 1 360 450 2132. Shop pages http://carnot.yi.org/ accessible as long as the old drives survive. Personal pages http://members.shaw.ca/peasthope/ . -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/171056938.45642.33136@cantor.invalid
Re: What is the most secure FTP server?
On Thu, 10 Mar 2011 13:20:26 -0500 shawn wilson ag4ve...@gmail.com wrote: On Mar 10, 2011 12:27 PM, peasth...@shaw.ca wrote: Hello Jason, From: Jason Hsu jhsu802...@jasonhsu.com Date: Thu, 10 Mar 2011 09:56:32 -0600 What is your favorite alternative and why? Implicit FTPS? SFTP? FTP over SSH? Or something else? Another possibility is to firewall your LAN and use an ftp with satisfactory features. You will find that plain FTP and telnet are faster than any SSH. Significant if you use the connections several times a day. Of course, if the connection is rarely used, responsiveness is no concern. Ok, my gut tells me that plain text protocols might be faster than encrypted ones. However, I have no data to back this up and have never noticed 'significant' differences between rsync and rsync+ssh. Do you have this benchmark or are you just going by gut reaction too? Quick question for those of us running anonymous ftp: Is it possible to configure vsftpd to allow unencrypted anonymous sessions, but require encryption for all user sessions? I've looked at the configuration but all of the encryption settings seem to be global (no configuration on a per-user/group basis). -- rbmj -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110310225016.67a979a5@blair-laptop
