FTPS Server?

Wolfgang Zenker wolfgang at lyxys.ka.sub.org
Thu Jan 5 16:11:26 UTC 2012


Hi everyone,

* Matthew Seaman <m.seaman at infracaninophile.co.uk> [120105 14:38]:
> On 05/01/2012 12:47, Karl Denninger wrote:
>> Not SFTP (which is supported by the sshd) but FTPS.... is it supported
>> by FreeBSD?

> No, not supported in the base system.

>> [..]
> However, personally, I'd avoid FTPS.  It suffers from most of the design
> flaws of standard FTP[*], particularly as regards passing through
> firewalls.  Worse, because the traffic is encrypted, you can't even use
> tools like ftp-proxy (in ports as ftp/ftp-proxy) to extract transient
> port numbers by deep packet inspection.  As far as your users are
> concerned, just use SFTP.  It behaves exactly like an ordinary FTP
> client, but the underlying SSH protocol over the network is way, way
> better designed.

Well, the problem I have here is at the server side: ftp users can be
locked in a particular subtree of the file system by simply assigning
them a chrooted login class. No need to set up any infrastructure in
that subtree itself. Did not find out how to do this with sftp (we only
allow publickey authentication with ssh at our servers).

Wolfgang
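
An added example, not part of the original message: one way to get the same per-user confinement for SFTP with public-key-only logins, using OpenSSH's `ChrootDirectory` and the in-process `internal-sftp` server so that nothing has to be installed inside the subtree. The group name `sftponly` and the paths `/data/sftp/%u` and `/etc/ssh/authorized_keys/%u` are assumptions chosen for illustration.

```conf
# sshd_config fragment (added example; group name and paths are assumptions)

# Replace the existing "Subsystem sftp ..." line with the built-in server.
# internal-sftp runs inside sshd itself, so the chroot needs no binaries,
# shared libraries or device nodes.
Subsystem sftp internal-sftp

# Applies only to accounts in the (hypothetical) group "sftponly";
# everyone else keeps the normal ssh behaviour.
Match Group sftponly
    # Public key authentication only, as on the servers described above.
    PubkeyAuthentication yes
    PasswordAuthentication no

    # Keys live outside the user's tree, in a root-owned directory,
    # so a confined user cannot replace their own authorized_keys file.
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u

    # %u expands to the login name. sshd refuses the login unless every
    # component of this path is owned by root and not writable by group
    # or others, so give users a writable subdirectory below it.
    ChrootDirectory /data/sftp/%u

    # Ignore any command or shell the client asks for; serve SFTP only.
    ForceCommand internal-sftp

    # Close the side channels an SFTP-only account should not have.
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -t` before reloading checks the edited file for syntax errors.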


More information about the freebsd-stable mailing list