On 19/09/2010, at 4:48 AM, Emmett Culley wrote: > On 09/17/2010 02:51 AM, Robert P. J. Day wrote: >> >> (another in an ongoing list of things i just want to clarify >> for the >> sake of future courses taught on centos.) >> >> from this RHEL doc page: >> >> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ >> Deployment_Guide/s1-openssh-server-config.html >> >> the reader is advised to, for the sake of security, remove/disable >> vsftpd, ostensibly in favour of sftp/sftp-server. really? >> >> i can obviously see disallowing stuff like telnet and rsh and >> rlogin, that's a no-brainer. but advising against vsftpd for the >> sake >> of security? i'm not sure i see the logic in that. thoughts? >> >> rday >> > We use vsftpd as an FTPS only server in CHROOT mode. The only > reason we don't user sftp instead is because it cannot (easily?) > CHROOT users. > > Emmett Possibly because FTP sends clear text passwords...