I think it depends on what you mean when you say that you've done this before but it wasn't the best option. Plain old ftp is subject to man in the middle attacks but the vast majority of stolen passwords are gotten through social engineering, key loggers, and brute force password guessing programs, not by man in the middle attacks. Of course, these days there is little reason not to use sftp instead of plain old ftp because most clients support sftp, but that isn't going to prevent most of the break-ins.

It's not usually the technology that fails, it's usually the end users. They respond to a phishing message, they install a virus, or they use the same password for everything. Usually the problem is more one of end user management than setting up the server.

Are we talking about a handful of end users and you have to make sure the bad guys don't get access to files that contain private information or are we talking about a large number of end users and you're worried that someone will start using your site as a porn server? Your approach will depend more on the number and sophistication of your end users than it does on the technology.

On 08/11/2014 12:56 PM, Andrew Hodgson wrote:
Hi,
I want to set up a web server with FTP on a Debian box. Idea is that users log in and get access to /var/www/host, but that is it. I have done this before but it wasn't the best option, and I need this to be as secure as possible (realising that the password for FTP connections goes over plaintext).
Any recipes/ideas that have worked in the past?
Thanks.
Andrew.