marclaporte
commented
2 years ago What is the benefit of proftpd vs SFTP only?
Open Lawkss opened 2 years ago
marclaporte
commented
2 years ago What is the benefit of proftpd vs SFTP only?
chris001
commented
2 years ago What is the benefit of proftpd vs SFTP only?
Lawkss
commented
2 years ago Also requires for passive ports to be set in proftpd config as well as firewalld.
my point is, FTPS is not ready to go after initial setup even when setting Certs to use for all from Letsencrypt.
I think it might be fine to have SFTP, but then Virtualmin should say so more specifically when running the tasks.
but if you want users to use SFTP other than server admin I would comment out Subsystem sftp /usr/libexec/openssh/sftp-server in openssh config otherwise any user can browse System and is not locked to home directory.
marclaporte
commented
2 years ago Thank you @chris001 for that informative video. All popular clients support both FTPS and SFTP. SFTP offers more features (like public/private keys). I see no benefit for FTPS in use cases I have, but there must be some use cases where FTPS/proftpd makes sense. And thus, I understand that there should be an easy way to set up (open ports, etc.) and be secure.
VM7-beta on Rocky 9 enables SFTP only. Is there a good reason not to enable regular SSL FTP in proftpd?
When using SFTP from proftpd /etc/ssh/sshd_config would need the following line to be commented out to lock virtualmin user clients to home directory:
add # to Subsystem sftp /usr/libexec/openssh/sftp-server
Or is that intentional?
Can letscrypt script be adjusted to add certs to regular SSL FTP for those who want it enabled?
These stay on self signed even after setting virtualmin to use them for proftpd:
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem TLSRSACertificateKeyFile /etc/pki/tls/private/proftpd.pem
the SFTP ones work.
Also TLS connection does not work with NoCertRequest in install out of the box config.
from log:
fatal: TLSOptions: : unknown TLSOption 'NoCertRequest'