Date: Thu, 5 Jan 2012 16:37:24 +0100
From: Wolfgang Zenker <wolfgang@lyxys.ka.sub.org>
To: freebsd-stable@freebsd.org
Subject: Re: FTPS Server?
Message-ID: <20120105153724.GA91242@lyxys.ka.sub.org>
In-Reply-To: <4F05A7D5.8000403@infracaninophile.co.uk>
References: <4F059BEA.3000508@denninger.net> <4F05A7D5.8000403@infracaninophile.co.uk>

Hi everyone,

* Matthew Seaman <m.seaman@infracaninophile.co.uk> [120105 14:38]:
> On 05/01/2012 12:47, Karl Denninger wrote:
>> Not SFTP (which is supported by the sshd) but FTPS.... is it supported
>> by FreeBSD?

> No, not supported in the base system.

>> [..]

> However, personally, I'd avoid FTPS. It suffers from most of the design
> flaws of standard FTP[*], particularly as regards passing through
> firewalls. Worse, because the traffic is encrypted, you can't even use
> tools like ftp-proxy (in ports as ftp/ftp-proxy) to extract transient
> port numbers by deep packet inspection. As far as your users are
> concerned, just use SFTP. It behaves exactly like an ordinary FTP
> client, but the underlying SSH protocol over the network is way, way
> better designed.

Well, the problem I have here is at the server side: ftp users can be
locked in a particular subtree of the file system by simply assigning
them a chrooted login class. No need to set up any infrastructure in
that subtree itself. Did not find out how to do this with sftp (we only
allow publickey authentication with ssh at our servers).

Wolfgang