Linux Today: Linux News On Internet Time.

TuxPPC: Guide: Setting up a virtual FTP server

Mar 06, 2002, 17:30 (0 Talkback[s])
"Let's face it, FTP servers are insecure by nature. The plain FTP protocol does not include any encryption for password. This means that passwords are sent in plain text from the client to the server. Any halfway skilled person with a sniffer will be able to catch those passwords on their way and use them against you.

Indeed, with standard FTP servers, authentication is done against the user accounts on the Linux or Unix box. So if someone sniffs an FTP passwords, he'll have a shell password at the same time and may make use of it to break into the server system.

The present HowTo will guide you through the steps to set up a virtual FTP server. This won't prevent FTP passwords from being sniffed, but it will greatly diminish the impact of a stolen password on the rest of the servers. Indeed, while having no FTP server running at all is certainly the best solution, sometimes you need to have one and in that case, running a virtual FTP server is the next best thing to do."

Complete Story