Hey Gang, Has anyone else noticed that proftpd seems to be off the map now? I've tried going to their web page to check for latest version / bug fix and I can't seem to get there... I guess I'll be upgrading to vsftpd... Thanks, Tim. -- I am leary of the allegiances of any politician who refers to their constituents as "consumers".
Tim Keller wrote, on Mar 12, 2008 at 11:16 EDT:
Hey Gang,
Has anyone else noticed that proftpd seems to be off the map now? I've tried going to their web page to check for latest version / bug fix and I can't seem to get there...
I guess I'll be upgrading to vsftpd...
On a slight tangent: Do you have a specific need for ftp? I'd suggest looking into using sftp instead (the s stands for secure). It's available as part of openssh. -- Aaron Haviland 34 Wayne Ave, Dudley, MA home: [508] 943 - 7974
Aaron> Tim Keller wrote, on Mar 12, 2008 at 11:16 EDT:
Hey Gang,
Has anyone else noticed that proftpd seems to be off the map now? I've tried going to their web page to check for latest version / bug fix and I can't seem to get there...
I guess I'll be upgrading to vsftpd...
Aaron> On a slight tangent: Do you have a specific need for ftp? I'd Aaron> suggest looking into using sftp instead (the s stands for Aaron> secure). It's available as part of openssh. The problem with sftp is that it doesn't offer chroot() style jails for ftp users and accounts. This can be worked around using the scponly hack which is out on the net. Now maybe I'm a little out of date, I'd love to know that more recent versions of OpenSSH support chroot'd sftp jails. I know this mostly because I needed to integrate sftp into an existing proftpd setup, without changing the directory structure and how it works. Not hard, just took testing and some setup scripts to build proper hardlinks. John
On Thu, 13 Mar 2008, John Stoffel wrote:
Aaron> On a slight tangent: Do you have a specific need for ftp? I'd Aaron> suggest looking into using sftp instead (the s stands for Aaron> secure). It's available as part of openssh.
The problem with sftp is that it doesn't offer chroot() style jails for ftp users and accounts. This can be worked around using the scponly hack which is out on the net.
Now maybe I'm a little out of date, I'd love to know that more recent versions of OpenSSH support chroot'd sftp jails.
Actually, there is recent development on that front: http://undeadly.org/cgi?action=article&sid=20080220110039 I don't believe it's part of any release of OpenSSH yet, but presumably soon. Brian J. Conway
In a nutshell... I'm using ftp right now (proftpd) and I have it configured the way I want and it works well... I just wanted to update to the latest version or see if there were any security updates and found the website unaccessible... As for the chroot features... I currently use them for proftpd and I purchased the commercial version of SSH that includes chroot. I'm psyched to see that they'll be supporting it soon since it's a feature I look for. However, my current plan is to reimplement my current configuration using vsftpd, because at least in my eyes, vsftpd is a known quantity and under development. On Thu, Mar 13, 2008 at 2:06 PM, Brian J. Conway <bconway@alum.wpi.edu> wrote:
On Thu, 13 Mar 2008, John Stoffel wrote:
Aaron> On a slight tangent: Do you have a specific need for ftp? I'd Aaron> suggest looking into using sftp instead (the s stands for Aaron> secure). It's available as part of openssh.
The problem with sftp is that it doesn't offer chroot() style jails for ftp users and accounts. This can be worked around using the scponly hack which is out on the net.
Now maybe I'm a little out of date, I'd love to know that more recent versions of OpenSSH support chroot'd sftp jails.
Actually, there is recent development on that front:
http://undeadly.org/cgi?action=article&sid=20080220110039
I don't believe it's part of any release of OpenSSH yet, but presumably soon.
Brian J. Conway _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
-- I am leary of the allegiances of any politician who refers to their constituents as "consumers".
"Brian" == Brian J Conway <bconway@alum.wpi.edu> writes:
Now maybe I'm a little out of date, I'd love to know that more recent versions of OpenSSH support chroot'd sftp jails.
Brian> Actually, there is recent development on that front: Brian> http://undeadly.org/cgi?action=article&sid=20080220110039 Brian> I don't believe it's part of any release of OpenSSH yet, but Brian> presumably soon. Interesting. I'm still interested in the scp option though, since that's just as easy for user to use, and just as secure as sftp from what I see. I'd figure if you just did a static linking, you'd be all set. The key, to me, is to automate the setup of the jails and then you're done. Don't make it a manual process at all. John
On Fri, Mar 14, 2008 at 11:24:59AM -0400, John Stoffel wrote:
"Brian" == Brian J Conway <bconway@alum.wpi.edu> writes:
Now maybe I'm a little out of date, I'd love to know that more recent versions of OpenSSH support chroot'd sftp jails.
Brian> Actually, there is recent development on that front:
Brian> http://undeadly.org/cgi?action=article&sid=20080220110039
Brian> I don't believe it's part of any release of OpenSSH yet, but Brian> presumably soon.
Interesting. I'm still interested in the scp option though, since that's just as easy for user to use, and just as secure as sftp from what I see. I'd figure if you just did a static linking, you'd be all set.
The key, to me, is to automate the setup of the jails and then you're done. Don't make it a manual process at all.
Check this thread for a sftp-only chroot solution: http://www.mail-archive.com/misc@openbsd.org/msg29106.html
participants (5)
-
Aaron Haviland -
Brian J. Conway -
Chuck Anderson -
John Stoffel -
Tim Keller