[CentOS] should vsftpd be disabled in favour of sftp for security reasons?

Emmett Culley emmett at webengineer.com
Sat Sep 18 18:48:31 UTC 2010


On 09/17/2010 02:51 AM, Robert P. J. Day wrote:
> 
>    (another in an ongoing list of things i just want to clarify for the
> sake of future courses taught on centos.)
> 
>    from this RHEL doc page:
> 
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-openssh-server-config.html
> 
> the reader is advised to, for the sake of security, remove/disable
> vsftpd, ostensibly in favour of sftp/sftp-server.  really?
> 
>    i can obviously see disallowing stuff like telnet and rsh and
> rlogin, that's a no-brainer.  but advising against vsftpd for the sake
> of security?  i'm not sure i see the logic in that.  thoughts?
> 
> rday
> 
We use vsftpd as an FTPS only server in CHROOT mode.  The only reason we don't use sftp instead is because it cannot (easily?) CHROOT users.

Emmett
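
An added example, not part of the message above and not code from vsftpd: a small Python check that a vsftpd.conf matches the "FTPS only, chrooted" setup described in the reply. The option names and defaults are those documented in vsftpd.conf(5); the function names and the sample configuration are constructed for illustration.

```python
# Documented defaults from vsftpd.conf(5) for the options checked here.
DEFAULTS = {
    "anonymous_enable": "YES",
    "ssl_enable": "NO",
    "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES",
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
}

# Values needed so every login and transfer is encrypted and every user jailed.
REQUIRED = {
    "anonymous_enable": "NO",
    "ssl_enable": "YES",
    "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES",
    "chroot_local_user": "YES",
    # With chroot_local_user=YES, an enabled chroot list names the users who
    # are exempt from the jail, so it has to stay off.
    "chroot_list_enable": "NO",
}

def parse_vsftpd_conf(text):
    """Return effective settings: documented defaults plus file overrides."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a sorted list of (option, effective, required) mismatches."""
    effective = parse_vsftpd_conf(text)
    return sorted(
        (opt, effective[opt], want)
        for opt, want in REQUIRED.items()
        if effective[opt].upper() != want
    )

# Constructed sample configuration, not taken from the original message.
SAMPLE = "local_enable=YES\nssl_enable=YES\nchroot_local_user=YES\nchroot_list_enable=YES\n"

if __name__ == "__main__":
    for opt, have, want in audit(SAMPLE):
        print(f"{opt}: effective {have}, expected {want}")
```

The sample fails on two points that are easy to miss: anonymous logins are on by default unless switched off, and the chroot list inverts its meaning once `chroot_local_user` is enabled.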


