[CentOS] how to control sftp's user file folder
Barry Brimer
lists at brimer.org
Wed Mar 2 03:16:35 UTC 2011
> On 03/01/11 6:38 PM, Barry Brimer wrote:
>> It is possible to instruct the FTPS client to keep the control channel in the
>> clear so that firewalls that need to adjust to the ports being used can listen
>> in on the conversation. The FTPS server has to agree to allow this to happen.
>
> aren't username/passwords sent in the clear then too? if so, whats the
> point of using ftps ?
No, they are not. On the FTPS server you can require TLS encryption of
everything, auth, data, control channel, nothing, or combinations of them.
In this case you would require auth+data which would mean that your
control channel is in the clear, but the username/password exchange and
the data would be protected. You could also use an SSL client certificate
as authentication and negate the need for the password to be sent
altogether.
More information about the CentOS
mailing list