Mime-Version: |
1.0 |
Sender: |
|
Date: |
Fri, 8 Jun 2012 16:52:21 +0200 |
Reply-To: |
|
Subject: |
|
From: |
|
In-Reply-To: |
<1800545.mZxRcZZIC6@ernie> |
Content-Type: |
multipart/signed; micalg=PGP-SHA1;
boundary="Sig_/=U.pcL48OHLcN0zCCXarrnd";
protocol="application/pgp-signature" |
Comments: |
|
Parts/Attachments: |
|
|
If not else, you might wanna consider using stunnel for vsftpd too to
get it over SSL for the users by pre-sharing the certs.
So you wouldn't even have to change much at all in your configuration.
Cheers,
Andras
On Fri, 08 Jun 2012 16:46:56 +0200
Dennis Schridde <[log in to unmask]> wrote:
> Hello everyone!
>
> Am Freitag, 8. Juni 2012, 08:44:35 schrieben Sie:
> > And in this day and age with password sniffing
> > going on over local networks by zombied machines and happening as a
> > matter of government policy worldwide in data centers, and the
> > historic firewall wackiness with FTP's 2 channel communications,
> > *WHY* is your client using FTP for anything that is password based?
> > You can cross-hook it to normal logins, true, but this is a really
> > bad idea for basic security reasons and should be avoided wherever
> > feasible.
> Thanks for that hint!
>
> I just found that old server and decided to move the service onto a
> new host (and non EOL distro) to integrate it with the rest of the
> infrastructure (and get security updates). I will suggest to the
> clients to use another service that is less of a security problem.
>
> > Or are they using FTPS?
> So far I found no client that reliably supports FTPS. Especially
> nothing that comes with the OS "by default" (I tried Chrome, Firefox,
> KDE/Dolphin). Can you suggest one?
>
> Kind regards,
> Dennis Schridde
|
|
|