On Thu, Nov 4, 2021 at 11:23 PM Andrew Komornicki
<[log in to unmask]> wrote:
>
>
> Hi,
>
> Has anyone considered using secure ftp, sftp? It is much more secure
> and readily available. Just like SSH secure shell.
>
> regards,
> Andrew
In practical terms, SFTP has little to no advantage over FTPS, SSL
enabled FTP. SFTP has profound deficits in that its maintainers don't
believe in chroot cages, and their published configurations normally
expose the whole operating system of the server to the client. There
are some chroot enabled configurations available to restrict their
access: I publish some over at
https://github.com/nkadel/rssh-chroot-tools/ . But most of them still
require extraneous "/dev/", "/etc/", "/lib/" and "/bin/" directories
inside the "chroot cage" restricted directory, which just futzes up
anything that is trying to mirror from one site to another.
There are some published rsync SSH key setups that are slightly more
sanely restrictive, but it still takes more work to set up. vsftpd
with FTPS is very easy to configure and can disable non-encrypted FTP,
or leave FTPS for upload with FTP for download quite easily. That
is.... well, it requires a lot more hackery to set up an SFTP service
sanely this way.
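
The following is an added example, not part of the original message or of any project it mentions: a small audit that reads a vsftpd.conf and reports whether each login class can still use cleartext FTP, covering the FTPS-only and the mixed setups mentioned above. The defaults are the documented ones from vsftpd.conf(5); the sample configurations are constructed, and treating "upload" as local logins and "download" as anonymous logins is an assumption.

```python
# Added example: audit a vsftpd.conf for cleartext FTP exposure.
# Defaults as documented in vsftpd.conf(5).
DEFAULTS = {
    "ssl_enable": "NO", "anonymous_enable": "YES", "local_enable": "NO",
    "allow_anon_ssl": "NO", "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES", "force_anon_logins_ssl": "NO",
    "force_anon_data_ssl": "NO", "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
}

def parse(text):
    """Parse option=value lines; '#' lines are comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().upper()
    return conf

def login_class(conf, enabled_key, force_keys, ssl_permitted):
    """Classify one login class as disabled, tls-required or cleartext-allowed."""
    if conf[enabled_key] != "YES":
        return "disabled"
    forced = all(conf[k] == "YES" for k in force_keys)
    if conf["ssl_enable"] == "YES" and ssl_permitted and forced:
        return "tls-required"
    return "cleartext-allowed"

def audit(text):
    conf = parse(text)
    return {
        "local": login_class(conf, "local_enable",
            ("force_local_logins_ssl", "force_local_data_ssl"), True),
        # Anonymous sessions may only use TLS when allow_anon_ssl=YES.
        "anonymous": login_class(conf, "anonymous_enable",
            ("force_anon_logins_ssl", "force_anon_data_ssl"),
            conf["allow_anon_ssl"] == "YES"),
        # chroot_list_enable=YES turns the list into per-user exceptions.
        "all_local_chrooted": conf["chroot_local_user"] == "YES"
            and conf["chroot_list_enable"] != "YES",
    }

# Constructed sample configurations.
FTPS_ONLY = "anonymous_enable=NO\nlocal_enable=YES\nssl_enable=YES\nchroot_local_user=YES\n"
MIXED = "# FTPS for local users, plain FTP for anonymous\nanonymous_enable=YES\nlocal_enable=YES\nssl_enable=YES\n"

if __name__ == "__main__":
    for name, sample in (("ftps-only", FTPS_ONLY), ("mixed", MIXED)):
        print(name, audit(sample))
```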