Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: ProFtpd vs. VsFtpd

  1. #11
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,541
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ProFtpd vs. VsFtpd

    Quote Originally Posted by zehner View Post
    If you plan to chroot your users, then its easier to setup a FTP server, than to chroot an instance of the SSH server.
    Not true. Just see the link he posted above. You can use mechanisms such as "scponly" so that users could use SCP and SFTP but not login via a shell. And limiting such users to certain directories can easily be achieved via user and file permissions. Or file ACL's if you're like me prefer to use that feature

  2. #12
    Join Date
    Nov 2007
    Location
    Alexandria, VA
    Beans
    228
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ProFtpd vs. VsFtpd

    Quote Originally Posted by giggins View Post
    I guess to be fair though, if the only thing you want to compare are ProFtpd and VsFtpd, then its really a matter of personal preference. They both use standards, both have decent records as far as security is concerned, both have been around for a while, and they both have a ton of documentation and features. Try them both and let us know which one you choose and why.
    I had to move quickly on this, so I did decide to go with FTPS. SSH sounds really interesting and extremely well-suited to many remote-access solutions, but I already had a basic understanding of FTPS and I'm only concerned with file transfer, so I went that route. I will definitely give SSH a shot in the future when I have more time to research it.

    The main reason I chose FTPS is that I wanted to do local user management and authentication on the FTP server so the LDAP integration wouldn't be that useful to me since the FTP server lives in my DMZ and can't communicate from the DMZ to my internal network. The internal network can, however, talk to the FTP server in the DMZ. I specifically chose ProFTP because it has some great user/server security controls and its setup and administration in Ubuntu are really well documented. I was able to get the server up and running quickly. The part that took a little more time was securing it with the SSL certificate. I worked on that issue alone for a full day then stopped, took a deep breath, and did some more research. I found this posting which solved my problem. The issue I was having was that the module mod_tls.c wasn't loading so the TLS functionality wasn't enabled. All I had to do was add:
    Code:
    LoadModule mod_tls.c
    to the top of my proftpd.conf file and it worked right away. This step was not mentioned in any of the tutorials I read, even those specifically talking about enabling SSL/TLS in ProFTPd. I was surprised because I didn't build it from source, it came out of the Ubuntu repository, so I would think this is a common issue. Once that was in place, everything worked like a charm.

    Thanks to all of you for your input to this thread. You have really raised my curiosity about SSH, so I'm going to start looking into that and experimenting with it a bit.
    “You tried your best and failed miserably. The lesson is: never try.” --Homer Simpson

  3. #13
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,541
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ProFtpd vs. VsFtpd

    Quote Originally Posted by chrisinspace View Post
    I had to move quickly on this, so I did decide to go with FTPS.
    That's like saying: "I am in a hurry, so I'll pick the 60 years old VW Beetle over the brand-new Ferrari Formula-1 car ...."

    No insult intended. But let's face it: How many hours did you spend to get FTPS working??? Getting SSH (and therefore SFTP too!) up and running is just a matter of a few minutes.

  4. #14
    Join Date
    Jul 2009
    Beans
    18
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: ProFtpd vs. VsFtpd

    I've setup up both, and I'd say both take about the same amount of time...vsftpd has been easy to get running for FTPS and chroot in the past or me. But I agree, SFTP is the best way to go in nearly every way.

  5. #15
    Join Date
    Nov 2007
    Location
    Alexandria, VA
    Beans
    228
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ProFtpd vs. VsFtpd

    Quote Originally Posted by scorp123 View Post
    That's like saying: "I am in a hurry, so I'll pick the 60 years old VW Beetle over the brand-new Ferrari Formula-1 car ...."

    No insult intended. But let's face it: How many hours did you spend to get FTPS working??? Getting SSH (and therefore SFTP too!) up and running is just a matter of a few minutes.
    Isn't FTP actually supposed to be faster at moving files? If I don't need any of the remote access capabilities offered by SSH, then what are its benefits over FTPS? I'm not trying to argue the point; I'm trying to learn more about SSH. Now that I have a solution in place, I can take a little time to understand it better.
    “You tried your best and failed miserably. The lesson is: never try.” --Homer Simpson

  6. #16
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,541
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ProFtpd vs. VsFtpd

    Quote Originally Posted by chrisinspace View Post
    Isn't FTP actually supposed to be faster at moving files?
    This is only valid for pure unencrypted FTP. As the protocol isn't encrypted it has far less overhead than an encrypted connection such as SSH/SCP/SFTP. So yes, unencrypted FTP could be noticeably faster.

    But between FTPS and SFTP/SCP I'd doubt you see a lot of a difference. Both use some form of SSL to encrypt their traffic, hence there should be similar overhead.

    Quote Originally Posted by chrisinspace View Post
    If I don't need any of the remote access capabilities offered by SSH, then what are its benefits over FTPS?
    SSH and its sub-protocols are pretty much compliant to any networking standard (IETF, RFC and what not) that you can find and especially firewalls --no matter what brand-- should not have any troubles whatsoever with SSH and its sub-protocols, whether you just wish to transfer files via SCP or SFTP, administrate systems remotely via SSH, mount a server's remote filesystems via SSHFS or use SSH's extensive tunnelling capabilities --- it should all just work. With any firewall. Period. SSH server software such as OpenSSH is constantly being improved and I am not aware of any serious security issue that would currently exist for the current incarnation of the SSH protocol.

    FTPS however is a dirty dirty hack: you put a complicated SSL layer over an already complicated and outdated and highly insecure two-way protocol that already without that hack had plenty of troubles of its own. It may work or it may not work with your firewall, with your business partner's firewall, with their client software .... In other words --and this has already been pointed out to you-- FTPS is prone to having troubles. Good luck troubleshooting that if it ever misbehaves.


    Stuff you might want to read:

    http://en.wikipedia.org/wiki/SSHFS
    http://www.cyberciti.biz/tips/linux-...practices.html

  7. #17

    Re: ProFtpd vs. VsFtpd

    Amusing your 100~ meg file is a single file, and slowly changes over time using a protocol which supports delta uploading such as RSync, Unison or any of the recent version control systems would be substantially faster than re-uploading the entire file every time.

    If you are ever stuck inside a network, which only has ports 80 and 443 available, with 80 proxied and filtered you will see just how bad FTP is, tunnelling SSH, and thus sftp over port 443 is relativity easy, but as FTP runs on multiple ports, it is not easy to tunnel. Though in the above situation the best option is WebDAV or Subversion over WebDAV, the latter is faster as it does delta transfers.
    Last edited by hessiess; July 28th, 2009 at 01:44 AM.
    im dyslexic, please don't comment on my spelling
    blender 3d artist, visit my portfolio
    Quad-Ren, Open source, resolution independent 2D graphics engine
    Screen space is a precious resource, don't waste it

  8. #18
    Join Date
    Nov 2007
    Location
    Alexandria, VA
    Beans
    228
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ProFtpd vs. VsFtpd

    Well, thanks to all of you. I've learned a lot.
    “You tried your best and failed miserably. The lesson is: never try.” --Homer Simpson

  9. #19
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,541
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ProFtpd vs. VsFtpd

    Quote Originally Posted by hessiess View Post
    Amusing your 100~ meg file is a single file, and slowly changes over time using a protocol which supports delta uploading such as RSync, Unison or any of the recent version control systems would be substantially faster than re-uploading the entire file every time.
    Fully agree to that. Let's take "rsync" for example: it "just works" with SSH. In my example I will assume that the SSH server is listening on port 2222 (instead of the standard port 22).

    So instead of using SCP every time to copy a 100 MB file in full ...
    Code:
    scp -P 2222 -r /path/to/local/file user@server:/path/to/remote/location
    ... one could simply use rsync to transfer just the deltas:
    Code:
    rsync -e "ssh -p 2222" -a -v /path/to/local/file user@server:/path/to/remote/location
    (... I hope I got the syntax right ... )

  10. #20
    Join Date
    Mar 2008
    Location
    Canada
    Beans
    239
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: ProFtpd vs. VsFtpd

    The only reason I wanted to set up a FTP server was to share a folder with some users without letting them see the whole filesystem.

    Some people here suggested setting permissions on the filesystem, but I really doubt it is a good idea to alter the default permissions.

    Other have mentioned chroot. But from what I saw in a few guides:
    Code:
    http://www.howtoforge.com/chrooted_ssh_howto_debian_p2
    it seems that it involves creating scripts, and users, and putting . in their home address.

    A lot of hassle when I actually want to share a directory such as "/home/share" without them being able to go higher than that.

    If you guys no any simple and clean solution for chroot and SSH, then I would say that FTP is obsolete, but until then... I am still looking for the FTP server that does this easily.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •