| |||||||||||||
Who still uses FTP, for anything?Who still uses FTP, for anything?Posted Jul 5, 2011 13:10 UTC (Tue) by drag (subscriber, #31333)In reply to: Who still uses FTP, for anything? by dion Parent article: Vsftpd backdoor discovered in source code (The H)
> Why are there still people using FTP in the world?
Because it is convenient and it works.
> There are so many less brain dead and much more secureable alternatives that it boggles the mind that anyone even knows that FTP ever existed.
There are alternatives, but not terribly suitable replacements. The closest is probably webdev.
If you care about security you use signed/encrypted files and throw away user accounts that have nothing to do with unix accounts.
(Log in to post comments)
Who still uses FTP, for anything? Posted Jul 6, 2011 10:54 UTC (Wed) by Jonno (subscriber, #49613) [Link]
I'd say that the most suitable replacement for ftp would be sftp.
sftp is a file transfer protocol built on top of ssh (technically you ssh into a machine and run /usr/lib/misc/sftp-server instead of your shell), and has nothing to do with ftps (which is regular ftp within a tls channel).
sftp's biggest disadvantage is that it shares / by default, and while restricting that is easy, you also restrict your regular ssh session at the same time, making it virtually useless. Of course, you can run two instances of the ssh server at different ports, one chrooted and only allowing sftp, and one only allowing admins to log in but giving full ssh access.
Who still uses FTP, for anything? Posted Jul 6, 2011 13:22 UTC (Wed) by niner (subscriber, #26151) [Link]
If you don't restrict a regular ssh session the same way as sftp, then the restriction is useless anyway. If sftp is restricted to a certain directory, and a shell isn't, then I simply use the fish:/ protocol in KDE which simply uses basic shell commands on the server side, e.g. ls and cat. With that one can do all the things possible with sftp.
Who still uses FTP, for anything? Posted Jul 7, 2011 11:52 UTC (Thu) by Jonno (subscriber, #49613) [Link]
Of course, but my use case is one where every user can access files in a subtree, but only admins can get a shell.
If you want admins to see the same url view for sftp (which is simplifies support enormously), you need two sshd daemons on the machine, which is quite complex to set up properly (need to hack initscripts), and the admins need to remember to supply a non-standard port number every time they want to get a shell.
Being able to configure a chroot path for sftp-sessions only would simplify this hugely.
Who still uses FTP, for anything? Posted Jul 6, 2011 16:07 UTC (Wed) by jond (subscriber, #37669) [Link]
What about anonymous FTP?
What about legacy client software lacking sftp support?
Who still uses FTP, for anything? Posted Jul 7, 2011 7:25 UTC (Thu) by rqosa (subscriber, #24136) [Link] > What about anonymous FTP? Assuming that the anonymous users aren't allowed to upload files, HTTP should be a suitable replacement.
Who still uses FTP, for anything? Posted Jul 7, 2011 10:35 UTC (Thu) by anselm (subscriber, #2796) [Link] Kinda, sorta as long as you don't rely on FTP features such as partial downloads, wildcard-filename downloads or translation of line endings for text files. Of course there are ways of getting these sorted on an HTTP server, but they may involve added inconvenience for the downloading user or the server operator. For example, an FTP server will give you a directory listing but an HTTP server usually won't (not as long as you don't enable it explicitly, and then usually in an HTML format that programs must laboriously parse).
Who still uses FTP, for anything? Posted Jul 7, 2011 12:04 UTC (Thu) by Jonno (subscriber, #49613) [Link]
You know, FTP doesn't give file listings in a fixed format either, but as a plaintext file, which the client must parse differently depending on what FTP server you are running, and sometimes based on the LC_xxx settings on the server...
The closest thing to a standard there is is "do like POSIX `ls -la`", but that is not universally followed, especially by ftp servers on non-POSIX hosts...
For HTTP there is at least webdav, which can provide a standardized machine parseable directory listing...
Who still uses FTP, for anything? Posted Jul 8, 2011 7:53 UTC (Fri) by rqosa (subscriber, #24136) [Link] > partial downloads HTTP supports that, by way of the "Range:" request header. > translation of line endings for text files That really shouldn't be necessary anymore, since many programs (text editors, etc.) support the multiple different line-ending types. (And of course it will corrupt binary files if turned on by mistake.)
Who still uses FTP, for anything? Posted Jul 8, 2011 8:02 UTC (Fri) by rqosa (subscriber, #24136) [Link] (I should have linked to the HTTP/1.1 RFC instead.)
Who still uses FTP, for anything? Posted Jul 8, 2011 11:47 UTC (Fri) by union (subscriber, #36393) [Link]
I always use sftp where I can.
But ...
I find one of the major shortcoming of OpenSSH sftp implementation is lack of logging.
I believe OpenSSH devs say that since you can login via ssh and copy paste data it would not guarantee completes and provide false sense of security.
But I would like an option for running sftp only with nice logs, but as far as I can tell there really isn't any widely deployed sftp only server for linux.
Who still uses FTP, for anything? Posted Jul 8, 2011 17:06 UTC (Fri) by erwin@andreasen.org (guest, #51369) [Link]
How nice logs do you need? On the OpenSSH 4.3p2 as deployed in RHEL 5 you can enable logging by setting:
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTHPRIV
in your sshd_config. That will be fairly verbose (logging e.g. what directories are opened to find a file list) but will also log file transfers.
|
|||||||||||||