[Gllug] ftp security
Alain Williams
addw at phcomp.co.uk
Mon Oct 22 16:27:22 UTC 2001
On Mon, Oct 22, 2001 at 04:57:15PM +0100, Paul Brazier wrote:
> I'm helping to set up a box with RH7.1 which will (amongst other things)
> give remote users ftp access to their home directories only. I read
> somewhere that wu-ftpd is insecure.
>
> Is this just because ftp is unencrypted and thus passwords & logins are
> transmitted in cleartext for sniffers to pick up? In this case don't all
> ftp servers suffer from the same problem? Or are some ftp servers better
> than others for security for different reasons?
>
> I don't have control over what the clients use so ssh etc. isn't an
> option (except for administrators).
Look at sftp, you need to hack sshd as well.
Although this works over ssh it doesn't do the other nice things that wu-ftpd
does. It would have thought it better to make wu-ftpd work under ssh (may
require some hacking of the code, will only work in passive mode)
--
Alain Williams
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list