Originally Posted by bvz
Do you think it is more secure to:
A) Only have a single user allowed to ssh into the machine and then install vsftp with a virtual user to do the automated copying. This way, even if the remote machine is compromised and the password/keys are stolen, a remote shell cannot be opened with this information. Only the vsftpd has been compromised.
B) Allow two users to ssh (the admin and the remote, automated user who will use scp) and NOT install vsftpd. The remote user would be an unprivileged user. By not installing vsftpd I will have reduced the number of open ports and the number of attack vectors?
The admin user will use a password protected ssh-key, so his security is not at stake, given the physical security of the primary server.
For the unprivileged user who is using an unprotected key on the secondary machine (either for ftp or ssh) the security risks are totally different. In case of ftp there is no effective protection for the transmission of the ftp password, you can sniff it with a packet analyzer like wireshark. If you use (unprotected) ssh-keys for scp you will get full encryption of your connection and data transfer between the two servers, BUT you will have to guard the clear text ssh-key on the second server very closely. Use the second method, because ssh always outperforms (any) ftp with respect to security.