[CentOS] how to control sftp's user file folder

Barry Brimer lists at brimer.org
Wed Mar 2 03:16:35 UTC 2011


> On 03/01/11 6:38 PM, Barry Brimer wrote:
>> It is possible to instruct the FTPS client to keep the control channel in the
>> clear so that firewalls that need to adjust to the ports being used can listen
>> in on the conversation.  The FTPS server has to agree to allow this to happen.
>
> aren't username/passwords sent in the clear then too?   if so, whats the
> point of using ftps ?

No, they are not.  On the FTPS server you can require TLS encryption of 
everything, auth, data, control channel, nothing, or combinations of them. 
In this case you would require auth+data which would mean that your 
control channel is in the clear, but the username/password exchange and 
the data would be protected.  You could also use an SSL client certificate 
as authentication and negate the need for the password to be sent 
altogether.



More information about the CentOS mailing list