On Wed, Nov 21, 2012 at 7:05 PM, Dan Kaminsky <dan at doxpara.com>
wrote:> Do we have any solid guidance how to do safe, anonymous, SFTP?
>
> Even with a dedicated shell, port forwarding creates open proxies (which I
> know can be disabled, but still).
I gave up on this a *long* time ago, for a lot of reasons, and
switched to WebDAV over HTTPS. It's built into myst web clients, there
are lightweight Java applications for upload, and the separation of
the service from shell access helps prevent people from doing clever
but dangerious configurations. And there are good UNIX and Linux
server configurations built into Apache, easily configurable and with
good support for both anonymous and non-anonymous access.