On 2016-09-15 03:27, Anton Aylward wrote:
On 09/14/2016 09:04 PM, James Knott wrote:
On 09/14/2016 07:58 PM, Carlos E. R. wrote:
Sorry, but what can a firewall do about a password transmitted in the clear? :-?
That's why it's not a good idea to use FTP for other than anonymous use over the Internet.
That's so.
I've found that implementing a HTTP server in [la e of a FTP server offers all the functionality, butter access control, in all aspects, and a host of other facilities that simply don't exist with FTP.
But not bidirectional. Eum... what means that "in [la e of a FTP" above? A cat on the keyboard? :-)
And of course it can operate over a single port so is "firewall friendly".
Yes. The problem I have is that sftp/ssh/fish is broken in Midnight Commander, so that I have to use ftp. Or, in "/etc//ssh/sshd_config" set: # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes I still don't know for sure what are the consequences of this change, security wise. I understand it facilitates script kiddie attacks. (See https://lists.opensuse.org/opensuse/2014-12/msg00589.html) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)