Hi,

I want to know about the basic differences between sftp and vsFTPd.
I found out some differences but my basic doubt is:
How is vsFTP functionally different/"more secure" from sftp.

Thanks in advance!

Kind regards,

indiancosmonaut

well they are totally different protocols. sftp emulates the ftp synatx, but it's not actually ftp at all, just running through ssh instead. you can ftp (with or without ssl) to a vsftpd server, but you can't ftp to an sftp server, you only sftp / scp to it, so your client needs very different capabilities.

Advantage of VSFTP is that it has built-in jail functionality, so a user can only access the homedirectory and not snoop around in other directories; this requires one line in the config file.
You can achieve the same with sftp, but it requires significant more work.

Another difference is that FTP by nature is insecure while SFTP is secure. FTP also has another variant called FTPS (FTP over SSL) that is a secure form of FTP.

For a server that supports all the protocols FTP, FTPS, SFTP etc. you might take a look at JSCAPE Secure FTP Server.

http://www.jscape.com/secureftpserver/

Sftp is probably more robust than FTP, HOWEVER, it has one very significant drawback.
sftp users by default can see directories and files of other users and for example can download files that ends up in /tmp
It is possible to jail users on versions of openssh after 4.9 but this is not (properly) supported by RH5 or Centos 5. It requires serious hacking to get it to work and no solution offers simple maintenance. All solutions require compiling of code.
So ftp may be the only answer in cases where you dont want users snooping around.

Hi.
I know it's a dead thread but hopefully someone can find this interesting.
There are now several guides on the net on howto configure OpenSSH to work
with a chrooted SFTP server.

I found this one to work easiest for me.
See the last bullit to configure using built-in options.


http://www.minstrel.org.uk/papers/sftp/



Cheers