Answers to: chroot FTP vs SFTP
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp
<p>Is there any advantage in using an FTPd in a chroot environment over using SFTP that is standard with SSHd?</p>
en
Thu, 13 May 2010 23:11:51 -0400
Answer by LiquidPaper
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/569
<p>These are two different things. A chroot'ed program runs in a restricted environment, meaning it should not interfere with other parts of the system. This is more in the realm of the OS.</p>
<p>Whether the data is transferred in the open or encrypted is the job of the server software (and what the client can accept). You suggest sftp, but other protocols (https, ssh are other possibilities).</p>
<p>In short, any program can be chroot'ed. Transferral of the data (open/encrypted) depends on the software (server AND client).</p>
<p>In your case, if users are pulling data from your server, I will recommend sftp (https may also be a possibility and users won't need another client).</p>
<p>If your server is behind a well-kept firewall, and the server software is well-behaved, you may not need chroot. The cost of chroot is just the installation (recreate the environment, copy files to the chroot'ed new directory structure, remembering to update).
It is only done once, and may give you a little more peace of mind.</p>
<p>Sorry it went so long.</p>
LiquidPaper
Thu, 13 May 2010 23:11:51 -0400
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/569
Answer by gjcwilliams
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/540
<p>Apart from the obvious differences that ftp is cleartext and sftp is encrypted. FTP is an old technology and people generally recommend moving to newer alternatives such as rssh/ssh/sftp as its implementation is flawed in the modern age. It should be noted FTP uses different ports for control data (TCP: 20) and another port for transferring data (TCP: 21). With organisations using stateful firewalls this can cause issues when trying to transfer data.
This is better described in the below link outlining the differences between Active/Passive mode. SFTP only uses one port and does not have these drawbacks.</p>
<p><a href="http://slacksite.com/other/ftp.html" rel="nofollow">http://slacksite.com/other/ftp.html</a></p>
<p>I know this specifically does not answer your question but may be a consideration when you are choosing which to go with.</p>
gjcwilliams
Wed, 12 May 2010 22:25:12 -0400
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/540
Answer by memnoch_proxy
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/455
<p>If you are transferring content that might have legal, personal, or financial information, make sure your organization understands its liabilities and possible compliance obligations.</p>
<p>The only compelling reasons I can think of are when you have customers that are unable to connect using a ssh/tls/sftp capable client, or they are using an embedded device for ftp, or the security of account credentials is essentially worthless and the data does not contain personally identifiable materials. If you have actual security concerns, do not use ftp and discourage your clients from using it. Anyhow, the benefits of ftp as a protocol have mostly been surpassed by https POST, PUT, and/or webdav.</p>
<p>Of course there are lots of howtos on the Internet providing instructions for things that are not best practice. I wouldn't misconstrue their presence as much wisdom, only prevalence. Password sniffing is easy.
Consult SANS and research the topic "defense in depth."</p>
memnoch_proxy
Tue, 11 May 2010 06:23:13 -0400
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/455
Answer by Aaron 1
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/444
<p>rssh provides the best of both worlds -> you chroot users, restrict them to just sftp access, lots of good stuff <a href="http://www.pizzashack.org/rssh/" rel="nofollow">http://www.pizzashack.org/rssh/</a> ; also, modern versions of openssh support chroot</p>
Aaron 1
Tue, 11 May 2010 02:31:19 -0400
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/444
Answer by mackal
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/434
<p>FTP transmits the password in plain text, so unless you're going over a local network, use SFTP (or some other more secure method).</p>
mackal
Mon, 10 May 2010 17:26:40 -0400
http://linuxexchange.org/questions/433/chroot-ftp-vs-sftp/434