I prefer to use FTP over SSH2 for non-anonymous access. Running one daemon (SSH) instead of 2 (SSH and FTP) is probably at least twice as secure. Brady Quoting David Phillips <david at acz.org>: > Johnny Fulcrum writes: > > Security is a concenr too (!)...I've played with > > wu-ftp and the ftp daemons that come "out of the box" with Mandrake > > (proftp I think)... > > WU-FTPD and ProFTPD are insecure. They each had a remote root security hole > within the last months. Don't ever consider using them. > > vsftpd is probably the best secure full service open source FTP server. I > don't use it because the only way to handle virtual users is with PAM (ick). > publicfile's ftpd is also secure, but it only allows anonymous downloads. > > I like NcFTPd. It's not open source, but it is secure, cheap, highly > configurable and extendable. You can write a custom authentication daemon, > making it easy to integrate NcFTPd with users stored in a database (great > for free or paid hosting). You can also write an event daemon or event > processor, making it easy to filter or scan files after they are uploaded. > > Note that while FTP is still very popular, it is also fundamentally insecure > for anything other than anonymous downloads: > > http://cr.yp.to/ftp/security.html > > -- > David Phillips <david at acz.org> > http://david.acz.org/ > > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > http://www.mn-linux.org tclug-list at mn-linux.org > https://mailman.real-time.com/mailman/listinfo/tclug-list > _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list