[vox-tech] proftpd
Foo Lim
vox-tech@lists.lugod.org
Tue, 19 Nov 2002 00:50:32 -0800 (PST)
On Tue, 19 Nov 2002, Brian Lavender wrote:
> On Mon, Apr 08, 2002 at 09:19:12PM -0700, Gabriel Rosa wrote:
>
> > Why not ssh/scp? :)
>
> Here are four reasons.
>
> Because scp uses encryption and therefore is slower.
>
> Almost everyone has an ftp client. Even Win 95 has a Windows
> client built into it. I would say more people are familiar
> with ftp than ssh.
>
> Your system could still be vulnerable even with ssh. dsniff, ssl
> exploits...
>
> You can configure a guest ftp and anonymous ftp, where the user
> only sees your chroot area of the system.
Man, this was posted in April, but anyway...
I just want to address the last reason. In SSH 3.x, there is a way to
restrict a user to the user's home directory. Follow this:
http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Using_Chroot_Manager__ssh-chrootmgr_.html#indexdef-584
Basically, you use ssh-chrootmgr. I haven't done it myself, but it
exists. As for the other points: I doubt the overhead in encryption
outweighs the safety of encryption; practically everyone has an ftp
client, but they should now have a ssh/scp client; and the system is just
as vulnerable with an exploitable ssh or ftp server, but the communication
will be secure in the unexploited ssh environment.
My 2 cents.
> brian
FL