freebsd stable - Jan 2012 - FTPS Server?

Not SFTP (which is supported by the sshd) but FTPS.... is it supported
by FreeBSD?

This question may belong on the ports list, but a quick perusal there
didn't find anything particularly interesting (one possible candidate is
marked broken)

Thanks in advance.

-- Karl Denninger

Hi,

You can easily set up FTPS with pure-ftpd, but AFAIK only the 
authentication will be secured. This is also called FTP-TLS.

Regards,
Andras

On Thu, 05 Jan 2012 06:47:38 -0600, Karl Denninger
wrote:
> Not SFTP (which is supported by the sshd) but FTPS.... is it 
> supported
> by FreeBSD?
>
> This question may belong on the ports list, but a quick perusal there
> didn't find anything particularly interesting (one possible candidate 
> is
> marked broken)
>
> Thanks in advance.
>
> -- Karl Denninger
>
>
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to 
> "freebsd-stable-unsubscribe@freebsd.org"

On 05/01/2012 12:47, Karl Denninger wrote:
> Not SFTP (which is supported by the sshd) but FTPS.... is it supported
> by FreeBSD?
No, not supported in the base system.
> This question may belong on the ports list, but a quick perusal there
> didn't find anything particularly interesting (one possible candidate
is
> marked broken)
Several of the ftp daemons in the ports should be capable of running
FTPS.  10 seconds with Google turns up HOWTOs for setting up either
vsftpd or proftpd to provide FTPS support.

However, personally, I'd avoid FTPS.  It suffers from most of the design
flaws of standard FTP[*], particularly as regards passing through
firewalls.  Worse, because the traffic is encrypted, you can't even use
tools like ftp-proxy (in ports as ftp/ftp-proxy) to extract transient
port numbers by deep packet inspection.  As far as your users are
concerned, just use SFTP.  It behaves exactly like an ordinary FTP
client, but the underlying SSH protocol over the network is way, way
better designed.

	Cheers,

	Matthew

[*] Miserable, archaic and long overdue to be put out of our misery.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20120105/8705e867/signature.pgp

On 05/01/2012 13:30, G?t Andr?s wrote:
> Hi,
>
> You can easily set up FTPS with pure-ftpd, but AFAIK only the
> authentication will be secured. This is also called FTP-TLS.
>
> Regards,
> Andras
>
Hi,

pure-ftpd offers configurable TLS support including control *and* data 
channel encryption.

http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS

Please refer to the "ACCEPTING TLS SESSIONS" section.

Regards,

Jase.