[olug] ftp servers

[Christopher Cashell]

On Wed, Dec 26, 2001 at 11:11:25PM -0600, Adam Lassek wrote:
> I am going to be setting up an ftp server to run on my home server that
> will also be accessible to the outside. Can anybody recommend a good,
> easily configurable, secure ftp server daemon? There are many to choose
> from and I'd like to hear people's comments on the pro's/con's of the
> best ones.

This really depends on how you're setting things up.

If you're just setting up anonymous FTP, then most ftpd's will work fine
for you.  wu-ftpd has a reputation for security problems, but in the
past year or so, it's had no more than ProFTPD or any other major ftpd.
For maximum security, the OpenBSD or NetBSD ftpd (both of which are very
similar. . . I won't get started on my opinions of OpenBSD's propaganda,
though ;-) are known to be pretty secure.

If you use one of the "major" ftp daemons, and keep up to date on any
security fix releases that become available, you should be fine.

Now, if you're setting up the system to allow users to ftp into their
accounts using standard system authentication. . . well, you can pick
any ftpd that works for you, since you've already decided to give up any
real security on the machine. ;-)

Anything which requires users to enter passwords in clear-text across the
Internet is a Very Bad Thing (tm) as far as security is concerned, and
should never be done in any "important" situation.  (A website login
might be acceptable, a shell login shouldn't.)

-- 
Christopher

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

For help contact olug-help at bstc.net - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at bstc.net
or `mail olug-unsubscribe at bstc.net < /dev/null`
(c)2001 OLUG http://www.olug.org

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_