Matthias Pigulla wrote:
Hi folks,
after all the buffer overflows found in proftpd and SuSE's unambigous statement yesterday night, I wonder which ftp daemon to use if you have to run ftpd services on a production machine.
SuSE recommended D. J. Bernstein's anonftpd for anonymous ftp access. But what to do if user logins are required?
Which daemon would you recommend if - security (hey, we're on suse-security ;-) - easy configuration - chroot'ing - administration by a non-root user is required?
What do you think about wuftpd? in.ftpd? If I remember right, there were postings on this list reporting wuftpd weaknesses a few months ago.
not that i am a security specialist, but i'd recommend the ssh-suite for _every_ connection to your server (well ... nearly every ;-) ... using ssh you could do scp, even from one host you are not connected to to another host you are not connected to either (yup, really works) to copy files, every thing neat and secure, or even tunnel insecure connections like ftp or pop ... windows clients are available just my 2 cents hth Hannes -- Johann Georg Hautzinger, email: trema@eic.at, Tel.: 531 00 1907 Erste Bank AG - OE 0423 - Orga./Entw. Treasury u. Orga.Wertpapier Boersegasse 14, 1010 Wien http://treasury.erstebank.at