Whoop, you’re right.
My mistake. What was I thinking?
The rest of my reco’s are good, right?
Bill
Sent from my iPhone
> On Mar 18, 2022, at 11:01 AM, Justin Pryzby wrote:
>
> This conversation has gone off into the weeds, but I should point out that:
>
>> Yes, you can use SFTP (aka FTP ov
This conversation has gone off into the weeds, but I should point out that:
> Yes, you can use SFTP (aka FTP over SSH)
SFTP is not actually "FTP over SSH", even if the commands are similar.
> Remember … FTPS or SFTP, whatever u want to call it, is just SSH providing a
> “secure tunnel” for your
Hello.
I think in this case, as he is using proftpd, that what he is using is
FTP over TLS, not SSH based SFTP.
To answer the original question: FTP over TLS is safe as long as:
- you enforce everyone using it (i.e. not allowing to fallback to non-
encrypted connections), configuration for that i
Hmm … I used the word “secure” and now, “upon reflection”, I think it’s the
wrong word.
Instead of thinking about it as … “is it secure”? Maybe we should think about
it as … “has anybody broken the encryption yet?”
Then … for the choices that aren’t “broken“ yet, maybe we think about those as
Remember … FTPS or SFTP, whatever u want to call it, is just SSH providing a
“secure tunnel” for your unencrypted FTP traffic.
So … when trying to figure out “if SSH is secure” or any other encrypted
traffic like HTTPS or whatever, you need to look closely at the encryption
protocols you’re sup
Is FTPS considered insecure?
proftpd example:
ServerName "MH FTP server"
ServerType standalone
DefaultServer on
AccessGrantMsg "User %u has successfully logged into MH FTP server."
RequireValidShell off
UseReverseDNS off
IdentLookups off
Port 0
UseIPv6 off
MaxInstances 30
Umask 022
PassivePorts
