On 10/06/2010 05:33 PM, Paul Cartwright wrote: > On Wed October 6 2010, Rick Stevens wrote: >>> so, is it better to ftp over SSL or sftp using ssh? >> >> As others have said, chrooting FTPS is easier than chrooting ssh and its >> kin. sftp also infers ssh must be available as well. I don't know if >> that's true or not. If it is and someone guesses your password, then >> they get a shell via ssh. Depends on how paranoid you are. > > I'm... a small home user, and not at all familiar with chrooting, should I be > using it too? as for the guessing my password, that is a good point. Though I > do not do that as root, still, that would allow access to my system. It depends on how secure you wish to be. If your site is going to get a lot of traffic or you're going to have a lot of different people uploading to you, yes, I'd consider a chroot environment (a.k.a. chroot jail). The details of a chroot jail are available elsewhere and I won't go into the details here. >> FTPS has the ability to use three different encryption things: no >> encryption, encryption of just the control channel or encryption of >> both control and data connections. vsftpd allows you to run both >> regular FTP and FTPS using the same daemon and there's no possibilty >> of an outsider getting a shell. > vsftpd, I'll have to check that out. thanks for the tips& info, always good > to learn new useful apps.. > >> >> It's up to you. We use sftp for most things here, but I've had a lot >> of clients in the past want FTP/FTPS. As for the paranoia thing: >> >> "Just because I'm paranoid doesn't mean they AREN'T out to get me!" > > that's exactly how I think when I'm out on my motorcycle:) ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, C2 Hosting ricks@xxxxxxxx - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - Give me ambiguity or give me something else! - ---------------------------------------------------------------------- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
