Discussion:
Opinions on ftp-server
Per olof Ljungmark
2003-07-03 22:17:05 UTC
Hi all,

Not being entirely satisfied with the stock ftpd (I'm running
4.6/4.7-REL) I'm interested in hearing some opinions on alternatives.

Access is for clients editing webpages, no anonymous. Number of users is
low so authorization through passwd is fine.

Stability and security is what I'm after.

TIA

Per olof Ljungmark
Vulpes Velox
2003-07-03 22:47:05 UTC
On Fri, 04 Jul 2003 00:17:05 +0200
Post by Per olof Ljungmark
Hi all,
Not being entirely satisfied with the stock ftpd (I'm running
4.6/4.7-REL) I'm interested in hearing some opinions on alternatives.
Access is for clients editing webpages, no anonymous. Number of users is
low so authorization through passwd is fine.
Stability and security is what I'm after.

AFAIK there is no anonymous by default...

To make a user have ftp only access what you need to do is create a new user,
but give that user a shell that does not exist. This shell must be listed in /etc/shells too.
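
The stock FreeBSD ftpd refuses a login whose shell is not listed in /etc/shells, which is why the post above asks for the listing. As an added example that is not part of the original thread, this sh function audits which accounts end up FTP-only under that scheme; the function names, the UID cutoff of 1000 and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# classify_ftp_accounts PASSWD_FILE SHELLS_FILE [MIN_UID]
# Prints "user class" for every account with UID >= MIN_UID (assumed 1000):
#   ftp-only    shell is listed in SHELLS_FILE but is not an executable file
#   login+ftp   shell is listed and executable (interactive login possible)
#   no-ftp      shell is not listed, so the /etc/shells check rejects the login
classify_ftp_accounts() {
    passwd_file=$1
    shells_file=$2
    min_uid=${3:-1000}
    # passwd(5) fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r name _pw uid _gid _gecos _home shell; do
        case $name in ''|'#'*) continue ;; esac
        # Skip system accounts and lines with a non-numeric UID.
        [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
        # An empty shell field means /bin/sh.
        shell=${shell:-/bin/sh}
        if ! grep -Fxq -- "$shell" "$shells_file"; then
            echo "$name no-ftp"
        elif [ -x "$shell" ] && [ ! -d "$shell" ]; then
            echo "$name login+ftp"
        else
            echo "$name ftp-only"
        fi
    done < "$passwd_file"
}

# Constructed sample data, not taken from any real system.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# list of acceptable shells' \
        '/bin/sh' '/nonexistent/ftponly' > "$tmp/shells"
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/sh' \
        'alice:*:1001:1001:Web client:/home/alice:/nonexistent/ftponly' \
        'bob:*:1002:1002:Admin:/home/bob:/bin/sh' \
        'carol:*:1003:1003:Disabled:/home/carol:/sbin/nologin' > "$tmp/passwd"
    classify_ftp_accounts "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

demo
```

Run against the real /etc/passwd and /etc/shells, any web-editing client that shows up as login+ftp still has an interactive shell and should be reviewed.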
Per olof Ljungmark
2003-07-03 23:04:49 UTC
The standard ftp server that comes with FreeBSD is more than adequate for
your needs. It's very stable, very secure and provides ftpchroot
capabilities. Why aren't you satisfied with it? Can't really ask for
anything more.

Well, I guess I should be content with the stock ftpd but yes, I do have
problems with it, perhaps I should try to solve them instead...

1. On a 4.6.2-REL-p12: ftpd dies intermittently, no clues anywhere why.

2. On 4.6.2-REL-p12 and also 4.7-REL-p10: When transferring a larger
number of files, say over 20 (size unimportant), transfers will "hang"
for a couple of minutes, then start again doing twenty files more, then
stop etc.
Per olof Ljungmark
2003-07-03 23:25:20 UTC
Maybe upgrading to 4.8-stable and rebuilding world would help? Sorry to say,
I have never run into any of the problems you're experiencing.

Maybe, but these systems are in production and there are other issues
that keep us from doing what you suggest, i.e.

http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/52331
Adam
2003-07-04 00:01:48 UTC
Post by Per olof Ljungmark
Not being entirely satisfied with the stock ftpd (I'm running
4.6/4.7-REL) I'm interested in hearing some opinions on alternatives.
Access is for clients editing webpages, no anonymous. Number of users is
low so authorization through passwd is fine.
Stability and security is what I'm after.

Sounds like you want PureFTPd .. It's as secure as FTP can possibly be
(without using extras like SSL/TLS), and is extremely stable. In fact,
it's the only popular FTPd that has NEVER had a root exploit. And, it
supports privilege separation.

Note that the next major version is supposed to support SSL/TLS, but
this might not be released for a while.

What you want is a FTPd that supports the basics, without all the extra
'warez' features. It's those extra features that lead to security
problems and instability.

Anyhow, I would highly recommend you read through this page to make an
educated decision yourself:
http://www.linuxmafia.com/pub/linux/security/ftp-daemons
--
Adam <***@gmx.net>
Monte Milanuk
2003-07-04 02:59:52 UTC
Post by Adam
Sounds like you want PureFTPd .. It's as secure as FTP can possibly be
(without using extras like SSL/TLS), and is extremely stable. In fact,
it's the only popular FTPd that has NEVER had a root exploit. And, it
supports privilege separation.
Note that the next major version is supposed to support SSL/TLS, but
this might not be released for a while.
What you want is a FTPd that supports the basics, without all the extra
'warez' features. It's those extra features that lead to security
problems and instability.
Anyhow, I would highly recommend you read through this page to make an
http://www.linuxmafia.com/pub/linux/security/ftp-daemons

So what makes pureftpd so much better than vsftpd?

Seems to work well for RedHat, SuSE, and OpenBSD, to name a few.

http://vsftpd.beasts.org/

nuk
--
I know more than enough *nix to do some very destructive things,
and not nearly enough to do very many useful things.
Adam
2003-07-04 12:05:09 UTC
Post by Monte Milanuk
So what makes pureftpd so much better than vsftpd?
Seems to work well for RedHat, SuSE, and OpenBSD, to name a few.
http://vsftpd.beasts.org/

Never got around to trying vsftpd. Looks like a nice server, though.
Definitely worth checking out.

Thanks for the tip,
--
Adam <***@gmx.net>
Adam
2003-07-04 12:12:00 UTC
Post by Monte Milanuk
So what makes pureftpd so much better than vsftpd?
Seems to work well for RedHat, SuSE, and OpenBSD, to name a few.
http://vsftpd.beasts.org/

I should ask you, what specific advantages does vsftpd have over
Pure-FTPd? I have been using Pure-FTPd for over a year and am very
pleased; should I switch?
--
Adam <***@gmx.net>
Monte Milanuk
2003-07-04 17:14:46 UTC
Post by Adam
I should ask you, what specific advantages does vsftpd have over
Pure-FTPd? I have been using Pure-FTPd for over a year and am very
pleased; should I switch?

Heck no, man, use whatever floats your boat. I use ftp intermittently,
usually when there is something that needs transferred or installed on
my little home LAN and there isn't another easier way to do it.

I just find it interesting to see people recommending pureftpd as the
end-all, be-all of secure, unbreakable ftp daemons. Then I go to the
project site, and the 'big' name user is the Spanish Nat'l Research
project. No offense to anyone associated w/ said group, but I'm thinking
seeing projects like OpenBSD, RedHat, SuSE, SANS, and IBM recommending
vsftpd as the ftpd of choice (heck, even the LinuxMafia article you cited
mentioned vsftpd was the author's preferred option) makes me think vsftpd,
not pureftpd.

Does pureftpd have an impeccable security record? Sure looks like it.
Does it have a lot of nice features and add-ons available? Appears so.
vsftpd, from the little bit I've seen setting it up on Linux boxes, is
pretty bare bones, w/ no frills. So again, if pureftpd is what works for
you, keep on truckin' ;)

nuk
--
I know more than enough *nix to do some very destructive things,
and not nearly enough to do very many useful things.
Chuck Swiger
2003-07-04 00:49:26 UTC
Post by Per olof Ljungmark
Access is for clients editing webpages, no anonymous. Number of users is
low so authorization through passwd is fine.

The FTP protocol sends passwords unencrypted: don't use FTP for "real users" if
you can avoid it by using scp, sftp, rsync+ssh, or anything else.

-Chuck
Jason Morefield
2003-07-04 00:53:01 UTC
Or set up skey and use that through FTP. Just my $0.02.

Jason
----- Original Message -----
From: "Chuck Swiger" <***@mac.com>
To: "Per olof Ljungmark" <***@intersonic.se>
Cc: "FreeBSD-questions" <freebsd-***@freebsd.org>
Sent: Thursday, July 03, 2003 5:49 PM
Subject: Re: Opinions on ftp-server
Post by Chuck Swiger
Post by Per olof Ljungmark
Access is for clients editing webpages, no anonymous. Number of users is
low so authorization through passwd is fine.
The FTP protocol sends passwords unencrypted: don't use FTP for "real users" if
you can avoid it by using scp, sftp, rsync+ssh, or anything else.
-Chuck