FTPS Server?
Rainer Duffner
rainer at ultra-secure.de
Thu Jan 5 16:30:02 UTC 2012
Am 05.01.2012 um 16:37 schrieb Wolfgang Zenker:
> Hi everyone,
>
> * Matthew Seaman <m.seaman at infracaninophile.co.uk> [120105 14:38]:
>> On 05/01/2012 12:47, Karl Denninger wrote:
>>> Not SFTP (which is supported by the sshd) but FTPS.... is it supported
>>> by FreeBSD?
>
>> No, not supported in the base system.
>
>>> [..]
>> However, personally, I'd avoid FTPS. It suffers from most of the design
>> flaws of standard FTP[*], particularly as regards passing through
>> firewalls. Worse, because the traffic is encrypted, you can't even use
>> tools like ftp-proxy (in ports as ftp/ftp-proxy) to extract transient
>> port numbers by deep packet inspection. As far as your users are
>> concerned, just use SFTP. It behaves exactly like an ordinary FTP
>> client, but the underlying SSH protocol over the network is way, way
>> better designed.
>
> Well, the problem I have here is at the server side: ftp users can be
> locked in a particular subtree of the file system by simply assigning
> them a chrooted login class. No need to setup any infrastructure in
> that subtree itself. Did not find out how to do this with sftp (we only
> allow publickey authentication with ssh at our servers)
>
> Wolfgang
It is possible.
See the chroot configuration in the man-page for sshd_config
If you have a sufficiently complete chroot-environment, you can even do chroot'ed ssh login sessions.
Rainer
More information about the freebsd-stable
mailing list