On 5/9/2015 11:43 AM, Dennis Jacobfeuerborn wrote: > Most FTP clients these days support SFTP as well and if you use say > proftpd+mod_sftp then handling SFTP on the server side become pretty > much identical to handling FTP (except all that active/passive nonsense > goes away an nobody can simply sniff passwords on the wire).
There are dozens of clients out there among our customer base, many of which have been using the same software for the last ten years or more, and most of that old software is probably written by an internal developer that quit years ago, not an off-the-shelf FTP/SFTP client. When we finally manage to get a server for SFTP installed, we can ask our clients to switch, but I'm sure many of them will think we're insane. I will look into the sftp module for proftpd. Hopefully that will be easier to secure than openssh. It can be tricky to make sure clients don't get shell access and are chrooted into their home directory when using openssh. It's not impossible, just challenging. Thanks, Shawn
