<quote who="Tom">
> Question One: Do people agree with this? If tomorrow all instances of
> 'ftpd' were magically changed to 'sshd', would we have all the
> functionality we wanted, but with improved security?
To play devil's advocate for a moment:
- FTP daemons have been around for a long time, so they've had a lot of
field testing and fixage. See vsftp for a very good daemon under Linux.
- Whilst your password is in the clear (if you need a password at all),
FTP servers and policies are generally set up with that in mind
- Chrooted FTP is not hard to set up
- OpenSSH has been a nice big can of worms for a lot of administrators
over the last few months. It's not the only SSH, but it is the one our
community generally uses
- Chrooted SSH and policies in general are a bit more complicated -> FTP
is for file transfer, SSH/SCP/SFTP are fairly interwoven and are not
easily administered centrally (consider keys and key policies, allowed
commands, etc).
So, if I need to transfer a file, I may as well just use FTP if I don't
require encryption for data or authorisation. If I need those, perhaps I
should just use IPSEC or a tunnel, with... FTP on top.
(That said, I usually prefer HTTP anyway, but hey...)
- Jeff
--
"On Tuesday I saw Crouching Tiger, Hidden Dragon with Zack and two
ladies whom I presume are gracious." - Seth Schoen
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
