At 12:38 AM +0100 8/5/07, Alan Cox wrote: >> >You can make vsftpd do a lot of things, and as it was written for >> >security first its extremely well designed. >> >> It does, however, allow unlimited password cracking attempts, while Proftpd >> can be configured to prevent, with the help of some iptables rules. >> (Ignore what that dolt Excalibur Xcalibur will say in response -- PEBKAC.) > > >It does. Although it supports tcp_wrappers so you can still do this but >not so prettily. OK. >The usual vsftpd configuration is to set it to anonymous only, which >will provide weeks of pointless amusement to anyone trying to crack >passwords however. I hope that is how others use it, but it doesn't apply here. There is no anonymous access, only access to accounts with passwords. >Given ftp sends passwords in plain text its not usually a good idea to >allow non anonymous access except when you can force SSL for non >anonymous users anyway Well, that's a matter of user training and tool availability and setting up SSL. I'm making progress on the training. I don't know about the tools. I'm not working on SSL, as SSH already works. FTP upload is often built in to various editors on Mac and MSWindows, but I don't thing SFTP and SCP are, nor would I expect support for SSL. Fuse's sshfs isn't so widespread yet, either. -- ____________________________________________________________________ TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx> ' <http://www.georgeanelson.com/>
