HI All,

I wanted to know which ftp server is the most secure?? Although, Im googling around, but I would like to hear your opinions too..

Thanks

Danish

FTP isn't a very secure protocol. You'd do better to use sftp, or use a regular FTP service over a VPN.

As with anything, 80% of the security comes from setting it up properly.

If you insist on using an actual ftp server though, probably the one with the best current track record is vsftpd.

Stands for Very Secure FTP Daemon.

What about jscape secure ftp server? I was going through the website yesterday.
One more thing.

Like https:// . Isnt there a protocol called ftps://. From what I remember, it uses the port 990 and 995 I guess. I was wondering if I could set up a ftp server where in I can connect by giving the url
ftps://x.x.x.x:990..and once the ftp server is contacted, a certificate is thrown, from a CA, showing that data communication is encrytped..

Thanks
Danish

According to /etc/services on my box 989 and 990. If it will work depends (as far as I know) if the browser supports the protocol.

Last note:
Why specify the port? You also don't specify it for https

PS: I use vsftpd for secure ftp; will try one day if it works from a browser.

Im using FC4..and there is no entry for port 990 and 989. But I had read on it somewhere..so wanted to implement it..Not sure how to..
Firefox does not support it..

IE does...i guess..

Well..if the port is specified in /etc/services..then I guess there is no need to specify ports in the url

Danish

Usually when you want to set up a secure protocol, you need to create security certificates for the service in order for it to be secure. Just using the port number allocated for it doesn't make it secure.

Yes..that is correct...Im gonna try it and get back to you with the errors..

Thanks
Danish

Well, I created an ftp site on my LAN..and also created and loaded the certificates while starting the vsftpd server.

When I access the ftp server from a different machine using an ftp client like filezilla with the option FTP over SSL ( explicit encryption), a certicate pops up certifying the ftp server..But when I connect using a browser like IE..why am I given an error that Anonymous sessions must use encryption

Why is the certificate not showing?

my vsftpd.conf file


listen=YES

listen_address=192.168.10.235

anonymous_enable=YES


dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

rsa_cert_file=/usr/local/vsftpd-2.0.5/ftp_cert.pem

ssl_enable=YES

force_anon_logins_ssl=YES

Thanks
Danish

You get the error because of your last line in the config file:

<CODE>
force_anon_logins_ssl=YES
</CODE>

You might see if there are any settings for FTP in IE that need adjusting - check the handling of certs in IE as well. Other than that I would presume it is an IE specific problem since another browser works...test more browsers.

asking... the port number have to be 22 ? 23 ?

No. the ftp service daemon can run on any open port.

The ftp protocol is insecure.
Use sftp or scp protocols.

There are certain "commonly accepted port-numbers," and these are usually less-than 1024, which (briefly) requires root-privileges for the server to open them.

By "secure," the question is, "what do you mean by that?" The FTP protocol does not encrypt the traffic that's passing over the net; SFTP does. FTP also uses "simple password" authentication, which means that at some point a password is passing over the wire, unencrypted. But SFTP can accept "simple passwords," too.

Basically, if you want truly-secure communication, you have to eliminate passwords. There must be nothing, open to the public Internet, that anyone can "try to send a 'user-name and password' to," period.

When you go to work, you probably have to use a badge. You can't duplicate the badge, it's assigned uniquely to you, and when you leave the company your badge drops dead. (I have an Apple badge, for instance, but it won't get me into the front door at Cupertino now.) Certificate-based security can do the same thing.

ok... SFTP
in Linux, what are the command(S) for SFTP ?

If you are using a graphical interface, you can use your file manager. Usually there is a shortcut like ctrl-L or File->Connect to Server where you can enter a URI like this:

That will then connect you via your file manager to your remote SSH server using SFTP. At that point you can drag and drop and etc just like with local files.

It's sftp

and it can take several options. In advanced use, it can even pass options on to the underlying ssh. See the manual page for sftp for details. If you use keys + an agent then you can even automate sftp activities using the batch mode.