Which FTP Server?

Hey guys, I was just wondering if anybody had any advice on which ftp server I should use for my linode, security is my number one concern. Are there any with known security holes that I should avoid?

Cheers.

17 Replies

I've had a look and vsftpd seems to be quite good, might give this one a go. Thanks very much for that Peter.

Cheers.

That's the one I run. No problems here!

:D

I use VSFTP too and it's excellent.

I can't get vsftpd to accept anonymous connections. I set up the conf file right .. according to the website but it always gives me connection terminated wrong password.

Hi all, I'm having a problem connecting to my vsftpd. I'm allowing all traffic right now.

Connection attempt failed with "ECONNREFUSED - Connection refused by server".

I'm using the default config file, which allows anonymous users by default right now, but it's not connecting.

See what the command netstat -lvnut produces. If you don't see something ending in ":21" under "Local Address," then the FTP server isn't listening for connections. If this is OK, check your firewall settings to make sure you're not blocking connections.

I recommend vsftpd if you really want to use ftp.

If security is your concern, don't use FTP at all. Use SFTP.

SFTP support is built right into your SSH server, so it's already supported. There are a variety of clients for every platform (Windows/Linux/OS X). It "just works", and provides similar functionality to FTP.

I'd have to agree with Guspaz. FTP isn't really worth it when you can use SFTP (SSH File Transfer Protocol, vastly more secure). But if you really must have FTP, vsftpd isn't a bad choice at all.

Is it possible to create a user for the primary purpose of sFTPing to a folder outside of the home directory, while using public/private keys?

I set up a user with no shell access, and a home directory of /var/www/domain.com, but I couldn't figure out where to put my public key, and so the sftp connection would never authenticate.

@epohs:

> Is it possible to create a user for the primary purpose of sFTPing to a folder outside of the home directory, while using public/private keys?
>
> I set up a user with no shell access, and a home directory of /var/www/domain.com, but I couldn't figure out where to put my public key, and so the sftp connection would never authenticate.

sshd should use ~/.ssh/ no matter what ~ is. So, in this case, it'd be /var/www/domain.com/.ssh/

You need to be careful with ownership/permissions as well - sshd is pretty picky about this. The complete path to the certificate must be readable by the user and not be writable by groups or others or belong to root.

Does it matter who owns the .ssh folder?

Because, I did all of those things and I believe I had permissions set correctly, but the owner of the folder was a different user.

@glg:

> sshd should use ~/.ssh/ no matter what ~ is. So, in this case, it'd be /var/www/domain.com/.ssh/

That can be changed in your sshd_config file.

     AuthorizedKeysFile
         Specifies the file that contains the public keys that can be used
         for user authentication.  AuthorizedKeysFile may contain tokens
         of the form %T which are substituted during connection set-up.
         The following tokens are defined: %% is replaced by a literal
         '%', %h is replaced by the home directory of the user being
         authenticated and %u is replaced by the username of that user.
         After expansion, AuthorizedKeysFile is taken to be an absolute
         path or one relative to the user's home directory.  The default
         is ``.ssh/authorized_keys''.
  • As a side note to the OP, if you are doing something like this, please define a /web folder or the like and have all HTML, PHP, * files in that folder and have your web server serve /web to the world and confine your home dir to /var/www/domain.com/

> Does it matter who owns the .ssh folder?

Very much so, and permissions have to be set very properly. The owner and group owner should be the user you are attempting to log in as, the .ssh folder will need to be set to chmod 700 and the authorized_keys to chmod 644.
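
The ownership and mode rules discussed in the replies above, as an added example that is not part of any post: a shell function approximating the check sshd applies under StrictModes, where every path component from the keys file up to the home directory must be owned by the login user or root and must not be group- or other-writable. The name `check_key_path` and its arguments are made up for this example; it assumes GNU `stat` and an already-resolved (symlink-free) path.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): approximates sshd's StrictModes
# ownership/mode check on an authorized_keys path. Assumes GNU stat.

# check_key_path LOGIN_UID HOME_DIR KEYS_FILE   (hypothetical helper)
# Prints one line per problem found; returns 0 if the path passes, else 1.
check_key_path() {
    local uid="$1" home="${2%/}" path="$3" bad=0 owner mode
    if [ ! -f "$path" ]; then
        echo "missing or not a regular file: $path"
        return 1
    fi
    while :; do
        owner=$(stat -c '%u' "$path")
        mode=$(stat -c '%a' "$path")
        # Each component must be owned by the login user or by root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad owner (uid $owner): $path"
            bad=1
        fi
        # No group or other write bit: (mode & 022) must be zero.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other writable (mode $mode): $path"
            bad=1
        fi
        # Stop after the home directory itself has been checked; if the
        # file is not under the home directory, walk all the way to /.
        if [ "$path" = "$home" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")
    done
    return "$bad"
}
```

For the setup in this thread the call would be `check_key_path "$(id -u USER)" /var/www/domain.com /var/www/domain.com/.ssh/authorized_keys`, with USER standing in for the SFTP account name.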

There is a list of users in /etc/vsftpd that does not allow users on that list access. It just disconnects based on those users

e.g

ftp cron

disconnected

@cherring:

> Hey guys, I was just wondering if anybody had any advice on which ftp server I should use for my linode, security is my number one concern. Are there any with known security holes that I should avoid?

The correct answer of course, is to not run FTP at all (horribly insecure). There are plenty of SFTP/SCP clients available for most platforms which obviate the need to run an FTP server.
