[Gllug] ftp security

Alain Williams addw at phcomp.co.uk
Mon Oct 22 16:27:22 UTC 2001


On Mon, Oct 22, 2001 at 04:57:15PM +0100, Paul Brazier wrote:
> I'm helping to set up a box with RH7.1 which will (amongst other things)
> give remote users ftp access to their home directories only. I read
> somewhere that wu-ftpd is insecure.
> 
> Is this just because ftp is unencrypted and thus passwords & logins are
> transmitted in cleartext for sniffers to pick up? In this case don't all
> ftp servers suffer from the same problem? Or are some ftp servers better
> than others for security for different reasons?
> 
> I don't have control over what the clients use so ssh etc. isn't an
> option (except for administrators).

Look at sftp, you need to hack sshd as well.
Although this works over ssh it doesn't do the other nice things that wu-ftpd
does. It would have thought it better to make wu-ftpd work under ssh (may
require some hacking of the code, will only work in passive mode)

-- 
Alain Williams

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list