If not else, you might wanna consider using stunnel for vsftpd too to
get it over SSL for the users by pre-sharing the certs.

So you wouldn't even have to change much at all in your configuration.


Cheers,
Andras


On Fri, 08 Jun 2012 16:46:56 +0200
Dennis Schridde <[log in to unmask]> wrote:

> Hello everyone!
> 
> Am Freitag, 8. Juni 2012, 08:44:35 schrieben Sie:
> > And in this day and age with password sniffing
> > going on over local networks by zombied machines and happening as a
> > matter of government policy worldwide in data centers, and the
> > historic firewall wackiness with FTP's 2 channel communications,
> > *WHY* is your client using FTP for anything that is password based?
> > You can cross-hook it to normal logins, true, but this is a really
> > bad idea for basic security reasons and should be avoided wherever
> > feasible.
> Thanks for that hint!
> 
> I just found that old server and decided to move the service onto a
> new host (and non EOL distro) to integrate it with the rest of the
> infrastructure (and get security updates). I will suggest to the
> clients to use another service that is less of a security problem.
> 
> > Or are they using FTPS?
> So far I found no client that reliably supports FTPS. Especially
> nothing that comes with the OS "by default" (I tried Chrome, Firefox,
> KDE/Dolphin). Can you suggest one?
> 
> Kind regards,
> Dennis Schridde