Quoting John McDonnell (ilug_spamtrap at johnmc.org):
> Surely this holds true for all implementations of FTP...
Other than anonymous.
> ...and Telnet for that matter.
Don't forget POP3.
There _are_ some creative solutions that I've tried. Consider:
1. Users have ~/ftp directories. /home filesystem has disk quotas.
2. I modify and recompile an ftpd to use authentication database
/etc/insecure/passwd . I do the same for a pop3d. Run the
ftpd to chroot to ~/ftp .
3. I populate /etc/insecure/passwd with the requisite lines for
my local UIDs, using hashes of really _bad_ passwords (like
4. Notify users that they can now POP their mail and ftp files
in and out of their ~/ftp directories using their usual
usernames but password (e.g.) "password".
This allows people to use two of the three popular plaintext-
authentication protocols with minimal disruption and without
compromising system security.
> Personal recommendation, OpenSSH with SCP and use SCP/SSH clients.
> Putty and WinSCP work on windows and Nifty Telnet + SSH works on Mac.
Welcome to the party. ;->
See the top of http://linuxmafia.com/pub/linux/security/ftp-daemons
Comprehensive list of SSH software that I've maintained for years:
And don't forget that SSH is only as secure as the machines on _both
ends_, and that this is true regardless of whether you use password,
RSA, or DSA authentication. If you SSH from a compromised host into
your otherwise secure machine, you've given the bad guys all they need
to "own" your box. The tools to do this are now widespread and
Thus substituting ssh client/daemon pairs for telnet/ftp is worthwhile,
but only because it eliminates that plaintext transmission mode for
shell passwords. Anyone who thinks of SSH as "secure login" without
drastically qualifying the concept is kidding himself.
"Is it not the beauty of an asynchronous form of discussion that one can go and
make cups of tea, floss the cat, fluff the geraniums, open the kitchen window
and scream out it with operatic force, volume, and decorum, and then return to
the vexed glowing letters calmer of mind and soul?" -- The Cube, forum3000.org
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!