proftpd - making it ftps or sftp
 

hi all,

we have a plain ftp server but i want to make it encrypted as end users use it to download/upload material

is it best to go with ftps (ssl) or sftp (ssh)

i have read this walk through

https://www.howtoforge.com/tutorial/...-ubuntu-16-04/

on how to make it an ftps server by just installing openssl, making a key file and editing the config files and opening the extra port 990 TCP, job done

but would sftp be a better more secure solution ?

also when we create a new ftp account we dont add ftp users on the linux server via useradd (for authentication), first we make the directory for the ftp user then add the ftp user to the ftpd.passwd file and in that file is what contains the ftp user account, password for that account and location for there ftp directory ie /mnt/ftp_data/user.a

many thanks

rob

sftp is tightly linked with ssh and uses the ssh port.
Therefore you will most probably have to add accounts for ftp users.

If you want to stick to the authentication that you have now, I would look into ftps.

Also just google ftps vs ftps

That link i gave you was for ftps

I now know sftp needs actual user accounts on the ftp server as its ssh

This is not necessarily a bad thing, and unless you're throwing things open for EVERYONE via FTP, they'll have user accounts too. And if you're going to set up one guest account anyway, does it matter what service it's attached to?

Set the user accounts to have a chroot'ed environment, and making sure they have no shell, is fairly straightforward:
https://www.howtoforge.com/restricti...debian-squeeze

Debian-related link, but should work on other distros.