On Thu, Nov 4, 2021 at 11:23 PM Andrew Komornicki <[email protected]> wrote:
>
> Hi,
>
> Has anyone considered using secure ftp, sftp. It is much more secure
> and readily available. Just like SSH secure shell.
>
> regards,
> Andrew

In practical terms, SFTP has little to no advantage over FTPS, SSL enabled FTP. SFTP has profound deficits in that its maintainers don't believe in chroot cages, and their published configurations normally expose the whole operating system of the server to the client. There are some chroot enabled configurations available to restrict their access: I publish some over at https://github.com/nkadel/rssh-chroot-tools/ . But most of them still require extraneous "/dev/", "/etc/", "/lib/" and "/bin/" directories inside the "chroot cage" restricted directory, which just futzes up anything that is trying to mirror from one site to another.

There are some published rsync SSH key setups that are slightly more sanely restrictive, but it still takes more work to set up. vsftpd with FTPS is very easy to configure and can disable non-encrypted FTP, or leave FTPS for upload with FTP for download quite easily. That is.... well, it requires a lot more hackery to set up an SFTP service sanely this way.
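
As an added illustration, not part of the original email: a small Python check, assuming the option names and defaults documented in vsftpd.conf(5), that reports which session types a vsftpd configuration still serves without TLS. The two sample configurations and the certificate path are constructed to match the two setups mentioned above (FTPS only, and FTPS for upload with plain FTP for download); the model of the anonymous options is simplified.

```python
# Added example: list where a vsftpd.conf still accepts cleartext FTP (defaults per vsftpd.conf(5)).
DEFAULTS = {"ssl_enable": "NO", "anonymous_enable": "YES", "local_enable": "NO",
            "allow_anon_ssl": "NO", "force_anon_logins_ssl": "NO",
            "force_anon_data_ssl": "NO", "force_local_logins_ssl": "YES",
            "force_local_data_ssl": "YES"}

# Constructed sample: FTPS only, no anonymous access.
FTPS_ONLY = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/example.pem
"""

# Constructed sample: FTPS for authenticated upload, plain FTP for anonymous download.
SPLIT = FTPS_ONLY.replace("anonymous_enable=NO", "anonymous_enable=YES\nanon_upload_enable=NO")

def parse(text):
    """vsftpd.conf is key=value, '#' comment lines, no spaces around '='."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def cleartext_paths(text):
    """Return the sorted session types that may run without TLS."""
    conf = parse(text)
    on = lambda key: conf[key].upper() == "YES"
    found = set()
    if on("local_enable"):
        if not (on("ssl_enable") and on("force_local_logins_ssl")):
            found.add("local-login")
        if not (on("ssl_enable") and on("force_local_data_ssl")):
            found.add("local-data")
    if on("anonymous_enable"):
        anon_tls = on("ssl_enable") and on("allow_anon_ssl")
        if not (anon_tls and on("force_anon_logins_ssl")):
            found.add("anon-login")
        if not (anon_tls and on("force_anon_data_ssl")):
            found.add("anon-data")
    return sorted(found)

if __name__ == "__main__":
    for name, text in (("ftps-only", FTPS_ONLY), ("split", SPLIT)):
        print(name, cleartext_paths(text) or "TLS enforced everywhere")
```

An empty result means every enabled login and data path requires TLS; in the split setup only the anonymous paths should appear.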
