Linode Forum
Linode Community Forums
Posted: Sat Aug 03, 2013 10:16 pm
Senior Newbie

Joined: Sun Jul 14, 2013 4:39 am
Posts: 18
I plan on setting up an FTP server on my Linode and I've read that this practice is discouraged due to security concerns. How bad is it?

I plan on serving up files through http, no real logins or anything. I assume there is a way to configure sftp for the transfer or that most modern ftp servers come configured with this by default.

I know that some things such as running a telnet daemon are inherently dangerous but I still see sites use FTP through a web interface.


Posted: Sat Aug 03, 2013 10:30 pm
Senior Member

Joined: Tue Apr 27, 2004 5:10 pm
Posts: 212
FTP sends all data, including credentials, over cleartext. It's a *bad* idea to use it. I could enumerate the reasons why here, but instead, I'll refer you to the always enlightening http://mywiki.wooledge.org/FtpMustDie.

FTPS (FTP over SSL) is better, but if you're going to the trouble of setting that up, don't bother. Just use sftp, the server for which is already provided by your distro's ssh daemon. From the client's perspective, SFTP works in a nearly identical fashion to FTP, but it can take advantage of strong authentication (you do have password auth turned off, don't you?), as well as encryption of all data, including credentials.

Posted: Sat Aug 03, 2013 10:46 pm
Senior Member

Joined: Sun Apr 26, 2009 3:37 am
Posts: 72
Website: http://wiggenhorn.org/
If you're serving files to the public via HTTP (without requiring a user/pass), then running an anonymous FTP server to serve those very same files via FTP is no less safe. SFTP is preferred over FTP in cases where users need to provide login credentials.


Posted: Sun Aug 04, 2013 12:15 am
Senior Newbie

Joined: Sun Jul 14, 2013 4:39 am
Posts: 18
I have password auth turned off, as well as root login, but like dcraig said I will be serving files to the public without requiring a user name/password but I was planning on doing it over https.

I've seen other sites do this and I was not required to login. If SFTP requires users to provide login credentials it sounds like my only option might be to go with FTPS.


Posted: Sun Aug 04, 2013 7:18 am
Senior Member

Joined: Tue Apr 13, 2004 6:54 pm
Posts: 833
SFTP/FTPS has nothing to do with HTTPS. They're two different things, entirely.

Why do you think you need any form of FTP?

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)


Posted: Tue Aug 06, 2013 10:04 am
Senior Newbie

Joined: Sun Jul 14, 2013 4:39 am
Posts: 18
Yeah, after thinking it over I decided that this is probably a bad idea. I don't know what I was thinking, probably that somehow FTP would be the backend and the data would be transported using http or https.
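
The SFTP-only setup recommended earlier in this thread (file transfer through the existing ssh daemon, key authentication, no root login), shown as an added example that was not posted by any participant. The group name `sftponly` and the path `/srv/sftp/%u` are assumptions; the directives are standard OpenSSH `sshd_config` options.

```conf
# /etc/ssh/sshd_config (fragment, added example)

# Credentials: keys only, so no password ever crosses the wire or can be guessed.
PubkeyAuthentication yes
PasswordAuthentication no
# Named ChallengeResponseAuthentication in older OpenSSH releases.
KbdInteractiveAuthentication no
PermitRootLogin no

# Use the SFTP server built into sshd; no separate FTP daemon or port is needed.
Subsystem sftp internal-sftp

# Accounts in the (hypothetical) group "sftponly" get file transfer and nothing else.
Match Group sftponly
    # Confine the session to a per-user directory. sshd refuses the login unless
    # this directory and every parent are owned by root and not group/world writable.
    ChrootDirectory /srv/sftp/%u
    # Ignore any command the client requests and run the SFTP server instead,
    # so these accounts cannot obtain a shell.
    ForceCommand internal-sftp
    # Do not let a file-transfer account tunnel traffic through the server.
    AllowTcpForwarding no
    X11Forwarding no
```

Run `sshd -t` to validate the file before reloading the daemon, and keep an existing session open until a fresh login has been confirmed.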

