FTP / SFTP configuration
From Elvanör's Technical Wiki
- One of the best FTP servers available for UNIX platforms is vsftpd. It can chroot users into their home directories, supports anonymous access configuration, etc.
- Some noteworthy configuration settings:
```
# chroot local users
chroot_local_user=YES
# users present in this list will NOT be chrooted (the list is only read when chroot_list_enable=YES)
chroot_list_file=/opt/local/etc/vsftpd.chroot_list
# The following forbid access to all users except those in the userlist_file
userlist_enable=YES
userlist_deny=NO
userlist_file=/opt/local/etc/vsftpd.user_list
# run vsftpd in standalone mode
listen=YES
```
- Note that it is recommended to forbid access to sensitive users, because of FTP's inherent security problems. See below.
- The problem with the FTP protocol is that passwords are sent in the clear, which makes it very insecure. It should never be used for important accounts.
- SFTP actually has nothing in common with FTP; SFTP only requires SSH to be running on the server. No FTP server at all is needed for SFTP, which makes SFTP very, very simple to configure.
- It is possible to set up a chroot with SFTP, though this would require some work.
- You can test an SFTP server by using the command line client sftp (which actually calls ssh under the hood).
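
The vsftpd settings listed earlier interact in ways that are easy to misread, so here is an added example (not part of the original wiki page and not vsftpd's own code) that models how they combine for a given user. It assumes vsftpd's documented behaviour: boolean options take only YES/NO style values, comments must be on their own lines, and the chroot list is consulted only when `chroot_list_enable=YES`. The function names and sample users are hypothetical.

```python
# Added example: model of how vsftpd combines the access and chroot options.
BOOL_DEFAULTS = {  # vsftpd defaults for the boolean options this page uses
    "chroot_local_user": False, "chroot_list_enable": False,
    "userlist_enable": False, "userlist_deny": True,
}

def parse_conf(text):
    """Parse vsftpd.conf text strictly: 'option=value' with no spaces
    around '=', and comments only on lines of their own."""
    opts, errors = dict(BOOL_DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            errors.append(f"line {n}: missing '='")
        elif key in BOOL_DEFAULTS:
            if value.upper() in ("YES", "TRUE", "1"):
                opts[key] = True
            elif value.upper() in ("NO", "FALSE", "0"):
                opts[key] = False
            else:  # e.g. 'YES # comment' or trailing whitespace
                errors.append(f"line {n}: bad bool value for {key}: {value!r}")
        else:
            opts[key] = value
    return opts, errors

def login_allowed(opts, user, user_list):
    """userlist_deny=NO turns userlist_file into an allow list."""
    if not opts["userlist_enable"]:
        return True
    return (user in user_list) != opts["userlist_deny"]

def is_chrooted(opts, user, chroot_list):
    """With chroot_list_enable=YES the list holds the exceptions to
    chroot_local_user; without it the list file is ignored."""
    listed = opts["chroot_list_enable"] and user in chroot_list
    return opts["chroot_local_user"] != listed

# Constructed sample input: the page's settings plus chroot_list_enable.
SAMPLE_CONF = """\
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/opt/local/etc/vsftpd.chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=/opt/local/etc/vsftpd.user_list
"""
SAMPLE_USER_LIST, SAMPLE_CHROOT_LIST = {"alice", "bob"}, {"bob"}  # constructed
```

With the sample above, only `alice` and `bob` may log in, `alice` is chrooted and `bob` is not; a line such as `chroot_local_user=YES # chroot local users` is reported as a bad boolean value instead of being accepted.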