| gabriel rosenkoetter on Mon, 24 Dec 2001 15:52:26 -0500 |
|
On Mon, Dec 24, 2001 at 08:43:53AM -0500, Brian Epstein wrote:
> If you have a default RH 7.1 box, you'll be using xinetd instead of inetd
> (unless you specified differently). The configuration file you are
> looking for is /etc/xinetd.d/wu-ftpd. There should be a "disable = yes"
> line in there. Change the "yes" to "no" and restart xinetd.
>
> /etc/init.d/xinetd restart
> or
> killall -SIGUSR2 xinetd
::sigh::
What twit decied to use USR2 for what should be HUP? I mean, we
*have* a signal for "restart"...
Oh well, anyway, yeah, xinetd is moderately more verbose in its
configuration, but it also does a lot of smarter things
security-wise, and that more-verbose configuration is also more
human-readable, so it's probably a good thing in the long run.
(Thanks for catching that, btw, Brian. I'd completely forgotten that
RH was shipping xinetd default these days.)
> I came in late to the discussion, over what lines are you
> transferring/what speed computer do you have? I've had a lot of success
> scp'ing files and the speed decrease is very minimal in my experience.
I've been presuming we're talking about 10/100BaseT ethernet. We're
at least talking about a private network (which is what makes me
think that ftp is just fine... though it may be better to create
another account to be an ftp user so that, should you forget and ftp
to the Linux machine from outside the firewall, assuming that's even
possible, your real username/password pair isn't passed plain text
out in the big, bad world.)
s{cp,ftp} really does have a noticeable startup delay (and slightly
less noticeable transfer delay) even on modern machines and fast
networks.
That, and CuteFTP on the Windows (or, say, Fetch on the Mac OS)
side will be much easier to deal with while doing web page development.
Well, I say that, though I've never seen putty's sftp client; it
may be nice too. (Last I checked, there was no Mac OS sftp client...
I'd be happy to learn that's changed.)
> I agree with Gabriel, if you can use encryption, go for it. Unless you
> really don't care about the data, you just want it to get passed along.
> Another solution if it is too slow to scp and you need it encrypted is to
> encrypt using a GNUpg/PGP keyset and they ftp'ing.
That's not exactly what I said. I think encryption should be used
exactly when it's actually necessary. If you're dealing with an
internal network access to which is blocked on the relevant ports,
then there's no need for encryption and it'll just slow things down
that might as well be fast. (cf, using NFS at all.) This presumes
you trust everyone and everything (think dialin modem bank) on
your internal network.
I'm a crypto/privacy nut. I read Perry Metzger's crypto mailing
list daily (and the cypherpunks mailing list... um... a little less
than daily ;^>). But an important part of security and privacy is
knowing when it's actually necessary and when what you're doing is
akin to weather-proofing the interior of a tank.
--
gabriel rosenkoetter
gr@eclipsed.net
Attachment:
pgpebRBPi1C8a.pgp
|
|