Date:      Thu, 5 Jan 2012 16:37:24 +0100
From:      Wolfgang Zenker <wolfgang@lyxys.ka.sub.org>
To:        freebsd-stable@freebsd.org
Subject:   Re: FTPS Server?
Message-ID:  <20120105153724.GA91242@lyxys.ka.sub.org>
In-Reply-To: <4F05A7D5.8000403@infracaninophile.co.uk>
References:  <4F059BEA.3000508@denninger.net> <4F05A7D5.8000403@infracaninophile.co.uk>

Hi everyone,

* Matthew Seaman <m.seaman@infracaninophile.co.uk> [120105 14:38]:
> On 05/01/2012 12:47, Karl Denninger wrote:
>> Not SFTP (which is supported by the sshd) but FTPS.... is it supported
>> by FreeBSD?

> No, not supported in the base system.

>> [..]
> However, personally, I'd avoid FTPS.  It suffers from most of the design
> flaws of standard FTP[*], particularly as regards passing through
> firewalls.  Worse, because the traffic is encrypted, you can't even use
> tools like ftp-proxy (in ports as ftp/ftp-proxy) to extract transient
> port numbers by deep packet inspection.  As far as your users are
> concerned, just use SFTP.  It behaves exactly like an ordinary FTP
> client, but the underlying SSH protocol over the network is way, way
> better designed.

Well, the problem I have here is at the server side: ftp users can be
locked in a particular subtree of the file system by simply assigning
them a chrooted login class. No need to set up any infrastructure in
that subtree itself. Did not find out how to do this with sftp (we only
allow publickey authentication with ssh at our servers).

Wolfgang
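
Added example, not part of the original message: an sshd_config fragment that confines SFTP users to a subtree while keeping publickey-only authentication, as a counterpart to the chrooted FTP login class described above. The group name sftponly and the paths /data/sftp and /etc/ssh/authorized_keys are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config (fragment; constructed example)

# Use the in-process SFTP server so the chroot needs no binaries,
# libraries or device nodes inside the subtree.
Subsystem sftp internal-sftp

# Publickey only, as on the servers described in the message.
PubkeyAuthentication yes
PasswordAuthentication no

# Assumption: restricted accounts are members of the group "sftponly".
Match Group sftponly
    # %u expands to the user name. Every component of this path must be
    # a root-owned directory that is not writable by any other user or
    # group, otherwise sshd refuses the session.
    ChrootDirectory /data/sftp/%u

    # Ignore any command the client requests and run only SFTP.
    ForceCommand internal-sftp

    # Keep the keys outside the subtree the user can reach
    # (assumed location, root-owned).
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u

    # Close the other channels an SSH account would normally have.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
```

Because the chroot directory itself must not be writable by the user, uploads go into a subdirectory inside it that the user owns.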


