Hi,

I want to set up vsftp on CentOS 4.5. There are 2 types of ftp. They are active and passive. What is the default ftp type on CentOS?

Is it PASSIVE ftp?

In /etc/vsftpd/vsftpd.conf, I found the line below. What should I do with it?

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

Should I COMMENT it out? I need a very secure ftp service.

YOUR ideas?

--
Thank you
Indunil Jayasooriya

Indunil Jayasooriya wrote:
> Hi,
>
> I want to set up vsftp on CentOS 4.5. There are 2 types of ftp. They are active
> and passive. What is the default ftp type on CentOS?
>
> Is it PASSIVE ftp?
>
> In /etc/vsftpd/vsftpd.conf, I found the line below. What should I do with it?
>
> # Make sure PORT transfer connections originate from port 20 (ftp-data).
> connect_from_port_20=YES
>
> Should I COMMENT it out? I need a very secure ftp service.

'Very secure' and 'ftp' don't go together. Passive vs 'active' has no impact on 'security'. The choice of passive vs active is strictly at the client's whim after authentication, and unless you have control over all clients and their transfer modes, you should support both to be RFC compliant.

FTP is inherently an insecure protocol as it sends the user credentials in plain text.

PASSIVE vs ACTIVE depends on which one, the server or the client, will open the DATA connection first; it is the client that decides. This is useful if the client is behind a firewall not able to do connection tracking on ftp sessions.

Use sftp instead of ftp. sftp is already running if sshd is running.

On 9/22/07, Indunil Jayasooriya <indunil75 at gmail.com> wrote:
> Hi,
>
> I want to set up vsftp on CentOS 4.5. There are 2 types of ftp. They are active and
> passive. What is the default ftp type on CentOS?
>
> Is it PASSIVE ftp?
>
> In /etc/vsftpd/vsftpd.conf, I found the line below. What should I do with it?
>
> # Make sure PORT transfer connections originate from port 20 (ftp-data).
> connect_from_port_20=YES
>
> Should I COMMENT it out? I need a very secure ftp service.
>
> YOUR ideas?
>
> --
> Thank you
> Indunil Jayasooriya

--
Alain Spineux
aspineux gmail com
May the sources be with you

Indunil Jayasooriya wrote:
> # Make sure PORT transfer connections originate from port 20 (ftp-data).
> connect_from_port_20=YES
>
> Should I COMMENT it out? I need a very secure ftp service.

Don't bother. Use (enforce) passive instead, it is much friendlier with firewalls.

> YOUR ideas?

If you really want it secure, consider FTP/SSL (aka FTPS). This page shows how to set it up using vsftpd...
http://www.brennan.id.au/14-FTP_Server.html

--
Said one park ranger, 'There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <mark at foster.cc> http://mark.foster.cc/
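
As an added example (not part of any message in this thread): a small Python audit of vsftpd.conf text for the settings the replies raise, namely plain-text logins, FTPS via ssl_enable, and enforcing passive mode with port_enable=NO. The sample configs and the port range are constructed; option names and defaults are those documented in vsftpd.conf(5).

```python
# Added example, not from the thread: audit vsftpd.conf text for the settings
# the replies discuss. Defaults are those documented in vsftpd.conf(5).
DEFAULTS = {"ssl_enable": "NO", "force_local_logins_ssl": "YES",
            "force_local_data_ssl": "YES", "pasv_enable": "YES",
            "port_enable": "YES"}

def parse_conf(text):
    """Effective settings: built-in defaults overridden by key=value lines."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(text):
    """Return findings as 'code: explanation' strings, empty list if clean."""
    conf = parse_conf(text)
    on = lambda key: conf.get(key, "NO").upper() in ("YES", "TRUE", "1")
    findings = []
    if not on("ssl_enable"):
        findings.append("plaintext: ssl_enable is off, so credentials are sent in clear text")
    elif not (on("force_local_logins_ssl") and on("force_local_data_ssl")):
        findings.append("optional-tls: local users may still log in or transfer without TLS")
    if on("port_enable"):
        findings.append("active: port_enable is on, so clients can still request PORT (active) mode")
    if not on("pasv_enable"):
        findings.append("no-passive: pasv_enable is off, which breaks clients behind NAT or firewalls")
    elif not all(k in conf for k in ("pasv_min_port", "pasv_max_port")):
        findings.append("pasv-range: no pasv_min_port/pasv_max_port, so the firewall cannot open a fixed range")
    # connect_from_port_20 only affects active-mode data connections; not scored.
    return findings

# Constructed sample inputs (the passive port range is arbitrary).
STOCK = ("# Make sure PORT transfer connections originate from port 20 (ftp-data).\n"
         "connect_from_port_20=YES\n")
HARDENED = "\n".join([
    "ssl_enable=YES", "force_local_logins_ssl=YES", "force_local_data_ssl=YES",
    "port_enable=NO", "pasv_enable=YES",
    "pasv_min_port=50000", "pasv_max_port=50100",
])

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```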