[CentOS] should vsftpd be disabled in favour of sftp for security reasons?
jeff.allison at allygray.2y.net
Sat Sep 18 19:58:32 EDT 2010
On 19/09/2010, at 4:48 AM, Emmett Culley wrote:
> On 09/17/2010 02:51 AM, Robert P. J. Day wrote:
>> (another in an ongoing list of things i just want to clarify
>> for the
>> sake of future courses taught on centos.)
>> from this RHEL doc page:
>> the reader is advised to, for the sake of security, remove/disable
>> vsftpd, ostensibly in favour of sftp/sftp-server. really?
>> i can obviously see disallowing stuff like telnet and rsh and
>> rlogin, that's a no-brainer. but advising against vsftpd for the
>> of security? i'm not sure i see the logic in that. thoughts?
> We use vsftpd as an FTPS only server in CHROOT mode. The only
> reason we don't user sftp instead is because it cannot (easily?)
> CHROOT users.
Possibly because FTP sends clear text passwords...
More information about the CentOS