From: Wolfgang Zenker
To: freebsd-stable@freebsd.org
Date: Thu, 5 Jan 2012 16:37:24 +0100
Subject: Re: FTPS Server?
Message-ID: <20120105153724.GA91242@lyxys.ka.sub.org>

Hi everyone,

* Matthew Seaman [120105 14:38]:
> On 05/01/2012 12:47, Karl Denninger wrote:
>> Not SFTP (which is supported by the sshd) but FTPS.... is it supported
>> by FreeBSD?

> No, not supported in the base system.

>> [..]

> However, personally, I'd avoid FTPS. It suffers from most of the design
> flaws of standard FTP[*], particularly as regards passing through
> firewalls. Worse, because the traffic is encrypted, you can't even use
> tools like ftp-proxy (in ports as ftp/ftp-proxy) to extract transient
> port numbers by deep packet inspection. As far as your users are
> concerned, just use SFTP. It behaves exactly like an ordinary FTP
> client, but the underlying SSH protocol over the network is way, way
> better designed.

Well, the problem I have here is at the server side: ftp users can be
locked in a particular subtree of the file system by simply assigning
them a chrooted login class. No need to set up any infrastructure in that
subtree itself. Did not find out how to do this with sftp (we only allow
publickey authentication with ssh at our servers).

Wolfgang
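
The requirement described in this message (SFTP users confined to a subtree, publickey authentication only, nothing installed inside the subtree) maps onto OpenSSH's `ChrootDirectory` and `internal-sftp` options from sshd_config(5). The fragment below is an added example, not part of the original thread; the group name `sftponly` and the path `/data/sftp/%u` are assumptions chosen for illustration.

```conf
# sshd_config fragment (added example; group name and paths are hypothetical)

# Serve SFTP from inside sshd itself. Because no external sftp-server
# binary is executed, the chroot needs no binaries, libraries or device
# nodes inside it.
Subsystem sftp internal-sftp

# Applies only to members of the (hypothetical) group "sftponly".
Match Group sftponly
    # %u expands to the login name. Every component of this path must be
    # owned by root and not writable by group or others, otherwise sshd
    # refuses the session. Give each user a writable subdirectory
    # (for example /data/sftp/<user>/upload) for uploads.
    ChrootDirectory /data/sftp/%u

    # Ignore whatever command or shell the client asks for and run the
    # in-process SFTP server only.
    ForceCommand internal-sftp

    # Publickey only. The user's authorized_keys file is read during
    # authentication, before the chroot is entered, so it stays in the
    # user's normal home directory outside the confined subtree.
    PasswordAuthentication no
    PubkeyAuthentication yes

    # Keep the confined account from being used as a network pivot.
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -t` checks the edited file for syntax errors before the daemon is reloaded.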