l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 7: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2002 Nov 19 03:58

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] proftpd
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] proftpd



On Tue, 19 Nov 2002, Brian Lavender wrote:

> On Mon, Apr 08, 2002 at 09:19:12PM -0700, Gabriel Rosa wrote:
>
> > Why not ssh/scp? :)
> 
> Here are four reasons.
> 
> Because scp uses encryption and therefore is slower. 
>
> Almost everyone has an ftp client. Even Win 95 has a Windows
> client built into it. I would say more people are familiar
> with ftp than ssh.
>
> Your system could still be vulnerable even with ssh. dsniff, ssl
> exploits...
> 
> You can configure a guest ftp and anonymous ftp, where the user
> only sees your chroot area of the system.

Man, this was posted in April, but anyway...

I just want to address the last reason.  In SSH 3.x, there is a way to
restrict a user to the user's home directory.  Follow this:
http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Using_Chroot_Manager__ssh-chrootmgr_.html#indexdef-584
Basically, you use ssh-chrootmgr.  I haven't done it myself, but it
exists.  As for the other points: I doubt the overhead in encryption
outweighs the safety of encryption; practically everyone has an ftp
client, but they should now have a ssh/scp client; and the system is just
as vulnerable with an exploitable ssh or ftp server, but the communication
will be secure in the unexploited ssh environment.

My 2 cents.

> brian

FL

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.