Opinions On Preferred FTP Server for Linux

[Netopia]

Hey Everyone,

I'm playing with an RH9 machine and it appears that vsftp is the default (actually the ONLY) ftp server software on the machine. To make matters worse, RH decided to not set it up as part of xinetd, but did a stand-alone install instead. In the past, using wuftp I could easily setup to have local users go to their home folders on log-in (vsftp docs say only under xinetd) and have other things pretty easy to configure. Sooooo.... I'm going to look around and see if there isn't some ftp server software out there for the downloading, but I thought I'd get the AT opinions first.

So what do all of you like? Would you use something else or would you reinstall vsftp as part of xinetd? If the latter.... how would I go about UNinstalling the current setup?

Thanks for your thoughts...

Joe

 

[Need4Speed]

I prefer proftpd and pureftpd. I use proftpd on all of my *nix boxes and am pleased. Pretty straight forward to setup and can run as standalone or xinet. Though I prefer standalone as it is not as vulnerable to denial of service attacks. There are quite a few GUI tools available to aid in user management, but I can't comment on those since I use CLI most of the time.

 

[Soybomb]

I've used pro and pure and both work fine but the documentation for pure was much more thorough for what I wanted to do.

 

[pac1085]

Me 3 for pure-ftpd

 

[FoBoT]

Originally posted by: Vortex
Me 3 for pure-ftpd

i have also used Pure-FTPd , very easy to setup

 

[Netopia]

Hmmm.... it looks like I'm seeing a trend here!

Joe

 

[Nothinman]

Though I prefer standalone as it is not as vulnerable to denial of service attacks.

How so? xinetd does connection rate limiting per service and things like that.

 

[Need4Speed]

"The MaxInstances directive configures the maximum number of child processes that
may be spawned by a parent proftpd process in standalone mode. The directive has
no effect when used on a server running in inetd mode.

Because each child proftpd process represents a single client connection, this
directive also controls the maximum number of simultaneous connections allowed.
Additional connections beyond the configured limit are syslog'd and silently
disconnected. The MaxInstances directive can be used to prevent undesireable
denial-of-service attacks (repeatedly connecting to the ftp port, causing
proftpd to fork-bomb). By default, no limit is placed on the number of child
processes that may run at one time."

I was under the impression that since MaxInstances was not valid when using [x]inetd that this could cause a denial of service. I am not overly familiar with [x]inetd, thus I stand corrected if I misinterpeted that info.

 

[Nothinman]

I was under the impression that since MaxInstances was not valid when using [x]inetd that this could cause a denial of service. I am not overly familiar with [x]inetd, thus I stand corrected if I misinterpeted that info.

I believe xinetd can do the same thing, even with services that don't have a directive like that. And I believe it can do "Max instances in 5 seconds" or something like that to stop connection hammering, but still allow connections.

 

[Need4Speed]

good info to know...I'll have to look into that further now

 

[Sunner]

I prefer ProFTPd.

I've never used Pureftpd though, so I won't say one is better than the other, I mostly use ProFTPd cause Im used to it, it has all the features I need, and it just generally works good

Oh and the documentation is very good, now THAT's something I really like

 

[jhu]

i prefer sftp

 

[Workin']

I use proftpd. Works good. Fairly easy to set up.

 

[Netopia]

Well... so far it's tied at 3 each for Pro and Pure.

Anyone else have opinions?

Joe

 

[LuckyTaxi]

same thing ... more opinions for ya to consider

 

[Netopia]

Ahhh.... bless YOU!

Joe

 

[Abzstrak]

I'd say proftp too

also, to remove vsftp, I'd use this:

rpm -qa | grep vsftp | xargs rpm -e

 

[jhu]

are you guys giving anonymous ftp access? if not, then sftp (via ssh) would be a better solution.

 

[Workin']

Originally posted by: jhu
are you guys giving anonymous ftp access? if not, then sftp (via ssh) would be a better solution.

I allow only real users access via ssh. No anonymous ftp. And users stay in a chroot jail. SFTP lets users see the whole directory tree, which I do not want.

 

[Barnaby W. Füi]

Originally posted by: Workin'

Originally posted by: jhu
are you guys giving anonymous ftp access? if not, then sftp (via ssh) would be a better solution.

I allow only real users access via ssh. No anonymous ftp. And users stay in a chroot jail. SFTP lets users see the whole directory tree, which I do not want.

sftp breaks out of the jail? That doesn't sound right.

 

[chsh1ca]

Could always use scp if you're worried about security.

Another vote for Proftpd. I like how it handles virtual users.

 

[Workin']

sftp breaks out of the jail? That doesn't sound right.

Yeah, users can only make changes in their home directory but they can see the rest of the tree. Maybe I don't have something set correctly but it doesn't really matter since ftp over ssh works just fine.