Matt Mossholder on 23 Feb 2010 12:45:46 -0800
On Tue, Feb 23, 2010 at 3:33 PM, Mike Leone <firstname.lastname@example.org> wrote:
> I have a server set up (with Ubuntu 8.04) that is running FTP over SSL,
We've had discussions about this where I work, and decided to go with SFTP rather than FTPS, for a number of reasons.
1) FTPS requires multiple ports (one control, several data), whereas SFTP just requires one.
2) Intelligent firewalls (Checkpoint, IPTables, etc.) can't extract state information from FTPS to know what ports must be open, resulting in having to open a range of ports, even if the individual ports are only opened infrequently.
3) Keys - a lot easier to use public/private key authentication with SSH, as it comes with the tools, and they are simple.
Having said that, there are a few things you can do to lock things down.
1) Use the rssh shell, which only allows the user to perform transfers (http://www.pizzashack.org/rssh)
2) Chroot (http://www.minstrel.org.uk/papers/sftp/builtin/).
You'll need to take rssh into account in the second tutorial!
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug