Subject: | |
From: | |
Reply To: | |
Date: | Fri, 8 Jun 2012 16:52:21 +0200 |
Content-Type: | multipart/signed |
Parts/Attachments: |
|
|
If not else, you might wanna consider using stunnel for vsftpd too to
get it over SSL for the users by pre-sharing the certs.
So you wouldn't even have to change much at all in your configuration.
Cheers,
Andras
On Fri, 08 Jun 2012 16:46:56 +0200
Dennis Schridde <[log in to unmask]> wrote:
> Hello everyone!
>
> Am Freitag, 8. Juni 2012, 08:44:35 schrieben Sie:
> > And in this day and age with password sniffing
> > going on over local networks by zombied machines and happening as a
> > matter of government policy worldwide in data centers, and the
> > historic firewall wackiness with FTP's 2 channel communications,
> > *WHY* is your client using FTP for anything that is password based?
> > You can cross-hook it to normal logins, true, but this is a really
> > bad idea for basic security reasons and should be avoided wherever
> > feasible.
> Thanks for that hint!
>
> I just found that old server and decided to move the service onto a
> new host (and non EOL distro) to integrate it with the rest of the
> infrastructure (and get security updates). I will suggest to the
> clients to use another service that is less of a security problem.
>
> > Or are they using FTPS?
> So far I found no client that reliably supports FTPS. Especially
> nothing that comes with the OS "by default" (I tried Chrome, Firefox,
> KDE/Dolphin). Can you suggest one?
>
> Kind regards,
> Dennis Schridde
|
|
|