[CentOS] should vsftpd be disabled in favour of sftp for security reasons?

17 Sep 2010


      (another in an ongoing list of things i just want to clarify for the
sake of future courses taught on centos.)
from this RHEL doc page:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment...
the reader is advised to, for the sake of security, remove/disable
vsftpd, ostensibly in favour of sftp/sftp-server.  really?
i can obviously see disallowing stuff like telnet and rsh and
rlogin, that's a no-brainer.  but advising against vsftpd for the sake
of security?  i'm not sure i see the logic in that.  thoughts?
rday
-- 

========================================================================
Robert P. J. Day                               Waterloo, Ontario, CANADA

        Top-notch, inexpensive online Linux/OSS/kernel courses
                        http://crashcourse.ca

Twitter:                                       http://twitter.com/rpjday
LinkedIn:                               http://ca.linkedin.com/in/rpjday
========================================================================

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[CentOS] should vsftpd be disabled in favour of sftp for security reasons?