On 19/09/2010, at 4:48 AM, Emmett Culley wrote:
On 09/17/2010 02:51 AM, Robert P. J. Day wrote:
(another in an ongoing list of things i just want to clarify for the sake of future courses taught on centos.)
from this RHEL doc page:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ Deployment_Guide/s1-openssh-server-config.html
the reader is advised to, for the sake of security, remove/disable vsftpd, ostensibly in favour of sftp/sftp-server. really?
i can obviously see disallowing stuff like telnet and rsh and rlogin, that's a no-brainer. but advising against vsftpd for the sake of security? i'm not sure i see the logic in that. thoughts?
rday
We use vsftpd as an FTPS only server in CHROOT mode. The only reason we don't user sftp instead is because it cannot (easily?) CHROOT users.
Emmett
Possibly because FTP sends clear text passwords...