I would not call it narrow minded. I think he was pointing at that using encryption over clear-text services is better. Of course maybe I am wrong in how I read it. But I do think something important was missed. Just because SFTP/SCP uses encryption does not make it MUCH more secure when looked at in how I read the context of the original post. The original post sounded to me like he was referring to the wu-ftp and pro-ftpd past security exploits. Well, is not Sftp and SCP part of the OpenSSH project? If so, there have been security vulnerabilities in OpenSSH which I would think could affect SFTP and SCP. Therefore, based on security vulnerabilities alone, I do not see how sftp is much better than other ftp daemons. But if the question was what should I use to ftp files to my remote server over an untrusted link (btw, consider all links untrusted even your own) then using a clear-text based ftp service is not the way I would recommend doing it. Instead use sftp. -greg On Sun, 2004-02-01 at 13:02, Cowles, Steve wrote: > Jason Dixon wrote: > > On Sun, 2004-02-01 at 13:06, Nicholas Evans wrote: > >> Hello, > >> > >> I've heard quite a few FTPd horror stories, and I was wondering - > >> What is the most secure and reliable FTPd to use? The one that comes > >> with Fedora, or something else? I've been looking on google, but I > >> want some opinions. Thanks! > > > > There is no such thing as a secure ftp server. I highly suggest you > > look into sftp/scp via OpenSSH. > > > > Despite Jason's rather narrow minded view of what constitutes a secure > service... I have been running pute-ftpd for a couple of years now. To this > day, I have not regretted that decision. > > Checkout: http://www.pureftpd.org > > They even supply RPM's. > > Steve Cowles >
