Don’t use FTP!
Recently came across a number of great reasons why you should not be using FTP.
Take a look and let me know what you think: http://stevenf.com/archive/dont-use-ftp.php
July 15th, 2008 at 6:37 pm
Yes, that and pfSense can be a bit of a crapshoot to get FTP working? *ducks*
OpenSSH just recently included an anonymous-FTP like function; before that it’s been hackish to do and not really secure. This OpenSSH feature should start improving adoption.
July 15th, 2008 at 11:34 pm
Bill – Yeah that might have a *tad* to do with Scott’s distaste for FTP
though I’ve had countless FTP headaches with a wide array of firewalls, commercial and open source…
The points linked in the post are absolutely valid, but at the same time I know not using FTP isn’t possible in many environments.
The real problem with FTP and pfSense is lack of thorough documentation, which is coincidentally something I’m working on this evening.
July 16th, 2008 at 3:54 am
Ok, I’m making the switch to SFTP today. Which SFTP server would you recommend for a Linux server?
July 16th, 2008 at 7:56 am
OK, this was both interesting and frustrating. I was planning to spend a few hours today researching which software to use for moving massive amounts of files, mostly over 10GbE LAN but also some of it through pfsense and WAN connections. So do any reasonable alternatives to FTP exist? Must be compatible with any windows and linux host and created/modified dates must stay consistent.
July 16th, 2008 at 2:40 pm
“Must be compatible with any windows and linux host and created/modified dates must stay consistent.”
Sounds like a fairly “static” environment, maybe use rsync?
July 16th, 2008 at 2:42 pm
“Which SFTP server would you recommend for a Linux server?”
Er, sshd?
July 16th, 2008 at 3:51 pm
Personally on BSD and Linux servers, I use OpenSSH.
Wikipedia has a list of SFTP servers.
http://en.wikipedia.org/wiki/List_of_SFTP_server_software
WinSCP is a great client for Windows users, and there are numerous options for BSD, Linux and Mac users.
I’ve converted some non-technical users very accustomed to FTP over to WinSCP and the switch was no problem. Anyone used to FTP will catch on to WinSCP and the other graphical SCP/SFTP clients with no problem.
July 16th, 2008 at 3:53 pm
I love SFTP. If you have allowed SSH from the pfSense GUI you can even SFTP directly into pfSense from the inside of your network.
Server
SFTP works, installed and ready to use by default in FreeBSD; it uses SSHD.
Client
FireFTP is a nice free Firefox add-on that can do SFTP.
July 17th, 2008 at 5:30 am
OK, SFTP at the protocol level is much more advanced than FTP …
but actually there is no real usable SFTP implementation that deals (in a simple way and with no dirty hacks) with:
- virtual users (LDAP, DB, file other than system users)
- anonymous
- chroot
- bandwidth limiting
- file transfer logging (actually SFTP logs only that the user has logged in…)
- …
and many, many other things that an FTP server can do very easily (as seen with pureftp or proftpd vs SFTP on OpenSSH)…
the most deployed SFTP implementations are very simplistic implementations of SFTP…
no one has worked to redevelop the SFTP subdaemon of SSH to do all of that… because everyone uses SSH SFTP only for interactive or admin tasks…
that is why, in my opinion, SFTP is not more widely used…
July 18th, 2008 at 10:29 pm
@Mathieu:
- You can use PAM to auth multiple SFTP users
- You can limit bandwidth at the host level using IPFW, dummynet on FreeBSD
- You CAN chroot a user using SFTP. Google “SFTP chroot”
- You could create guest logins with PAM (I would think…)
- With an initial search it appears that transfer logging is working for some folks as well, Google “sftp transfer logging”
July 23rd, 2008 at 8:23 pm
ok ok!!
and you can use rscp and other tricks to do what you want…
but it is not as simple to manage as an ftpd server like pureftp/proftpd…
the idea is to be able to do that only by configuring the sshd_config file… to more…
and guest logins are not virtual users…
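Added example, not part of the original post or any commenter's reply: the chroot and transfer-logging points raised in the comments, done in sshd_config alone on an OpenSSH release that supports ChrootDirectory and internal-sftp. The group name sftponly and the path /srv/sftp are assumptions.

```sshd_config
# Constructed example: group "sftponly" and base path /srv/sftp are assumptions.

# Use the in-process SFTP server (replaces any existing "Subsystem sftp" line),
# so the chroot does not need a copy of sftp-server or its libraries.
Subsystem sftp internal-sftp

Match Group sftponly
    # Jail each member in their own directory. Every component of this path
    # must be owned by root and not writable by group or others, otherwise
    # sshd refuses the session. Give the user a writable subdirectory inside.
    ChrootDirectory /srv/sftp/%u

    # No shell and no scp: the session can only speak SFTP.
    # -l INFO makes the SFTP server log the transactions it performs for the
    # client (file opens, closes, transfers) through syslog.
    ForceCommand internal-sftp -l INFO

    # Do not let a file-transfer-only account be used as a tunnel.
    AllowTcpForwarding no
    X11Forwarding no
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon.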