[33250] in North American Network Operators' Group
Re: FTP with authentication to RADIUS
daemon@ATHENA.MIT.EDU (Brian W.)
Fri Jan 5 11:11:25 2001
Date: Fri, 5 Jan 2001 08:09:14 -0800 (PST)
From: "Brian W." <bri@sonicboom.org>
To: Andrew Brown <atatat@atatdot.net>
Cc: Roeland Meyer <rmeyer@mhsc.com>,
"'Steven J. Sobol'" <sjsobol@NorthShoreTechnologies.net>,
joshua stein <jcs@rt.fm>, nanog@nanog.org
In-Reply-To: <20010105102759.A23453@noc.untraceable.net>
Message-ID: <Pine.BSF.4.21.0101050808370.33747-100000@cx175057-a.ocnsd1.sdca.home.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
scp is also a possibility, its usage is a bit cryptic, but it is an
option..
Brian
On Fri, 5 Jan 2001, Andrew Brown wrote:
>
> >1) many versions of FTP make you system vulnerable to root cracks.
>
> ...which are problems that need to be fixed. if you know of any...
>
> >2) There is NO way to run FTP in a SSH tunnel because it uses dynamic port
> >assignments.
>
> well...that's not entirely true. you can tunnel the command channel,
> just not the data channel.
>
> >3) FTP logins are plain-text.
>
> sure, which is why you tunnel them via ssh, or use ipsec.
> actually...if you use ipsec, you can get the data protected as well.
>
> >For sharing files, with anonymous users, HTTP is much better (see:
> >http://files.dnso.net)
>
> for sharing files with anonymous users, i'll always be using anonftp.
>
> --
> |-----< "CODE WARRIOR" >-----|
> codewarrior@daemon.org * "ah! i see you have the internet
> twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
> andrew@crossbar.com * "information is power -- share the wealth."
>
