Don’t use FTP!

July 15th, 2008 by Scott Ullrich

Recently came across a number of great reasons why you should not be using FTP.

Take a look and let me know what you think: http://stevenf.com/archive/dont-use-ftp.php

11 Responses to “Don’t use FTP!”

  1. Bill McGonigle Says:

    Yes, that and pfSense can be a bit of a crapshoot to get FTP working? *ducks*

    OpenSSH just recently included an anonymous-FTP like function; before that it’s been hackish to do and not really secure. This OpenSSH feature should start improving adoption.

  2. Chris Buechler Says:

    Bill – Yeah that might have a *tad* to do with Scott’s distaste for FTP ;)

    though I’ve had countless FTP headaches with a wide array of firewalls, commercial and open source…

    The points linked in the post are absolutely valid, but at the same time I know not using FTP isn’t possible in many environments.

    The real problem with FTP and pfSense is lack of thorough documentation, which is coincidentally something I’m working on this evening.

  3. Willy Says:

    Ok, I’m making the switch to SFTP today. Which SFTP server would you recommend for a Linux server?

  4. Anders Jensen Says:

    OK this was both interesting and frustrating. I was planning to spend a few hours today researching which software to use for moving massive amounts of files mostly over 10GbE LAN but also some of it through pfsense and WAN connections. So do any reasonable alternatives to FTP exist? Must be compatible with any windows and linux host and created/modified dates must stay consistent.

  5. Itwerx Says:

    “Must be compatible with any windows and linux host and created/modified dates must stay consistent.”

    Sounds like a fairly “static” environment, maybe use rsync?

  6. Itwerx Says:

    “Which SFTP server would you recommend for a Linux server?”

    Er, sshd? :)

  7. Chris Buechler Says:

    Personally on BSD and Linux servers, I use OpenSSH.
    Wikipedia has a list of SFTP servers.
    http://en.wikipedia.org/wiki/List_of_SFTP_server_software

    WinSCP is a great client for Windows users, and there are numerous options for BSD, Linux and Mac users.

    I’ve converted some non-technical users very accustomed to FTP over to WinSCP and the switch was no problem. Anyone used to FTP will catch on to WinSCP and the other graphical SCP/SFTP clients with no problem.

  8. Mark Crane Says:

    I love SFTP. If you have allowed SSH from the pfSense GUI you can even SFTP directly into pfSense from the inside of your network.

    Server
    SFTP comes installed and ready to use by default in FreeBSD; it uses SSHD.

    Client
    FireFTP is a nice free Firefox add-on that can do SFTP.

  9. Mathieu CARBONNEAUX Says:

    OK, SFTP at the protocol level is much more advanced than FTP …
    but actually there is no really usable SFTP implementation that deals (in a simple way and with no dirty hacks) with:
    - virtual users (LDAP, DB, file other than system users)
    - anonymous
    - chroot
    - bandwidth limiting
    - file transfer logging (actually SFTP logs only that the user has logged in…)
    - …

    many, many other things that an FTP server can do very easily (seen on pureftp or proftpd vs SFTP on OpenSSH)…
    the most deployed SFTP implementations are very simplistic implementations of SFTP…
    no one has worked to redevelop the SFTP sub-daemon of SSH to do all of that… because everyone uses SSH SFTP only for interactive or admin tasks…

    that is why, in my opinion, SFTP is not more widely used…

  10. sullrich Says:

    @Mathieu:

    - You can use pam to auth multiple SFTP users
    - You can limit bandwidth at the host level using IPFW, dummynet on FreeBSD
    - You CAN chroot a user using SFTP. Google “SFTP chroot”
    - You could create guest logins with PAM (I would think…)
    - With initial search it appears that transfer logging is working for some folks as well, google “sftp transfer logging”

  11. Mathieu CARBONNEAUX Says:

    ok ok!!
    and you can use rscp and other tricks to do what you want…

    but it is not as simple to manage as an ftpd server like pureftp/proftpd…

    the idea is to be able to do that only by configuring the sshd_config file… to more…

    and guest logins are not virtual users…
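
The chroot and transfer-logging points raised in comments 10 and 11 can both be handled in `sshd_config`. As an added example (not from the original post or any commenter), this Python script audits the SFTP-only `Match` blocks of a config for those settings; the sample config, the group `sftponly`, the user `backup` and the path `/srv/sftp/%u` are constructed for illustration.

```python
# Constructed sample sshd_config. The first Match block is a chrooted,
# SFTP-only group with per-file transfer logging; the second is the weak form.
SAMPLE = """\
Subsystem sftp internal-sftp -l INFO
Match Group sftponly
    # chroot path must be root-owned and not writable by group/others
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp -l INFO
    AllowTcpForwarding no
Match User backup
    ForceCommand internal-sftp
"""

def parse(text):
    """Return [(criteria, {keyword: value})]; entry 0 is the global scope."""
    blocks = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split(None, 1)
        key, val = words[0].lower(), (words[1].strip() if len(words) > 1 else "")
        if key == "match":
            blocks.append((val, {}))          # a Match block runs to the next Match
        else:
            blocks[-1][1].setdefault(key, val)  # sshd keeps the first value seen
    return blocks

def audit(text):
    """Map each Match block that forces internal-sftp to a list of findings."""
    blocks = parse(text)
    glob, report = blocks[0][1], {}
    for criteria, opts in blocks[1:]:
        eff = {**glob, **opts}                # Match values override global ones
        cmd = eff.get("forcecommand", "").split()
        if not cmd or cmd[0] != "internal-sftp":
            continue
        findings = []
        if eff.get("chrootdirectory", "none").lower() == "none":
            findings.append("no ChrootDirectory")
        if eff.get("allowtcpforwarding", "yes").lower() != "no":
            findings.append("AllowTcpForwarding not disabled")
        # internal-sftp logs file operations only at INFO or above; default is ERROR
        level = cmd[cmd.index("-l") + 1].upper() if "-l" in cmd[:-1] else "ERROR"
        if level in ("QUIET", "FATAL", "ERROR"):
            findings.append("no transfer logging (-l INFO)")
        report[criteria] = findings
    return report

if __name__ == "__main__":
    for block, findings in audit(SAMPLE).items():
        print(block, "->", findings or "ok")
```
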
