FTP with authentication to RADIUS

Adam McKenna adam at flounder.net
Fri Jan 5 16:48:34 UTC 2001


On Fri, Jan 05, 2001 at 10:27:59AM -0500, Andrew Brown wrote:
> 
> >1) many versions of FTP make your system vulnerable to root cracks.
> 
> ...which are problems that need to be fixed.  if you know of any...

It's more of an ongoing travesty with wu-ftpd and almost as bad with proftpd,
and the script kiddies routinely have the exploits for weeks or months before
the general population knows about them.

> >2) There is NO way to run FTP in a SSH tunnel because it uses dynamic port
> >assignments.
> 
> well...that's not entirely true.  you can tunnel the command channel,
> just not the data channel.

Well, if you use passive mode, you can tunnel the data channel as well.  The
question is why you would want to do this instead of just using rsync or scp.

> >3) FTP logins are plain-text.
> 
> sure, which is why you tunnel them via ssh, or use ipsec.
> actually...if you use ipsec, you can get the data protected as well.
> 
> >For sharing files, with anonymous users, HTTP is much better (see:
> >http://files.dnso.net)
> 
> for sharing files with anonymous users, i'll always be using anonftp.

Good luck with that.

--Adam

-- 
Adam McKenna <adam-sig at flounder.net> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA        |  connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A        |  Joe Rogan, _NewsRadio_
 11:45am  up 209 days, 10:03,  9 users,  load average: 0.13, 0.08, 0.02
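
The active versus passive distinction raised in this thread, as an added example that is not part of the original message: a small Python parser for the two RFC 959 control-channel lines that negotiate the data channel, showing which side opens the connection and therefore whether a client-side forward can carry it. The sample lines and addresses are constructed, and the `ssh -L` comment assumes an OpenSSH-style local forward.

```python
import re

# RFC 959 writes a data-channel endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(text):
    """Return (host, port) from an h1,h2,h3,h4,p1,p2 sequence."""
    m = ENDPOINT.search(text)
    if not m:
        raise ValueError("no endpoint in %r" % text)
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_channel(line):
    """Describe the data connection that one control-channel line sets up."""
    line = line.strip()
    if line.upper().startswith("PORT "):      # client command, active mode
        mode, initiator, rest = "active", "server", line[5:]
    elif line.startswith("227"):              # server reply to PASV
        mode, initiator, rest = "passive", "client", line[3:]
    else:
        return None                           # line does not negotiate a data channel
    host, port = parse_endpoint(rest)
    # A forward opened on the client side (ssh -L) only carries connections
    # that the client initiates, which is the passive-mode case.
    return {"mode": mode, "initiator": initiator, "listener": (host, port),
            "client_forward_can_carry": initiator == "client"}

# Constructed control-channel lines (documentation addresses, not from the thread)
SAMPLE = [
    "USER anonymous",
    "PORT 198,51,100,7,4,1",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
]

def summarize(lines):
    """Keep only the lines that negotiate a data channel."""
    return [d for d in (data_channel(l) for l in lines) if d]

if __name__ == "__main__":
    for d in summarize(SAMPLE):
        print(d)
```

The listener in a 227 reply is an ephemeral port on the server, so each transfer would need its own forward unless the server's passive port range is pinned.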



