SSH also allows tunnels to be created both ways over the same channel. And since it's encrypted, nobody would know that's going on. That scares me a lot more than usernames and passwords being exposed. That can be mitigated by protecting the payload. Or maybe the two parties have a VPN. Or maybe the value of the information is inconsequential.
I don't know what went into their decision and what security concerns they have, but I wouldn't immediately discount their security team based on that decision alone. As Bruce Schneier said, "If you think encryption will solve your problem, you don't understand your problem and you don't understand encryption."
Sean
On Tue, Mar 22, 2011 at 1:44 PM, Gilles Detillieux <grdetil@scrc.umanitoba.ca> wrote:
Hmm. So Security would prefer the use of protocols that send passwords as plain text, rather than encrypted??? Would these crocodiles happen to live next door to a zeeba?
On 22/03/2011 1:17 PM, Kevin McGregor wrote:
Thanks for the suggestion, Gilles. Alas, getting Security at the City to allow SSH out is like pulling teeth from a very hungry crocodile -- I'd like to avoid both. I'd totally prefer SSH, but it's not an option.
On Tue, Mar 22, 2011 at 12:51 PM, Gilles Detillieux <grdetil@scrc.umanitoba.ca> wrote:
Also check your userlist_* options in vsftpd.conf. If userlist_enable is YES, then make sure the login name you're using isn't in the user_list file (or is if userlist_deny=NO). You may want to check the PAM configuration as well, as it can add another layer, and another allow/deny list as it does on RHEL systems. You could also enable the dual_log_enable and syslog_enable options, as this may give you a bit more feedback in your logs to help get to the bottom of this. If all else fails, install/enable sshd and switch from FTP to SFTP. ;-)
Gilles

On 22/03/2011 12:27 PM, Kevin McGregor wrote:
> Maybe someone can throw in their two cents on this:
>
> I installed vsftpd on my Ubuntu 10.04 server, and I set
>
> local_enable=YES
> write_enable=YES
>
> When I FTP to the server, I get prompted for a username and password,
> but it seems to just reject it and ask for username/password again. What
> else do I need to do? I just want one account to be able to FTP upload
> files to this server.
>
> Kevin
--
Gilles R. Detillieux              E-mail: grdetil@scrc.umanitoba.ca
Spinal Cord Research Centre       WWW: http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)
_______________________________________________
Roundtable mailing list
Roundtable@muug.mb.ca
http://www.muug.mb.ca/mailman/listinfo/roundtable
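
The userlist_* check suggested earlier in the thread can be automated. The following is an added example, not part of the original messages: it evaluates only the local_enable and userlist_* options for one login, using vsftpd's documented defaults, and does not look at PAM. The function names and the login "kevin" used in testing are assumptions made for illustration.

```python
import sys
from pathlib import Path

# vsftpd's built-in defaults for the options this check reads (see vsftpd.conf(5)).
DEFAULTS = {"local_enable": "NO", "userlist_enable": "NO",
            "userlist_deny": "YES", "userlist_file": "/etc/vsftpd.user_list"}

def parse_conf(text):
    """Return the effective options from vsftpd.conf text (option=value lines)."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            # Normalise booleans so yes/YES compare equal; keep paths as written.
            opts[key] = value.upper() if value.upper() in ("YES", "NO") else value
    return opts

def parse_userlist(text):
    """Return the login names in a user_list file: one per line, '#' lines skipped."""
    return {l.strip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")}

def userlist_verdict(opts, listed, login):
    """Return (allowed, reason) for a local login under the userlist_* options only."""
    if opts["local_enable"] != "YES":
        return False, "local_enable is not YES, so local accounts cannot log in"
    if opts["userlist_enable"] != "YES":
        return True, "userlist_enable is not YES, so the user list is not consulted"
    if opts["userlist_deny"] == "NO":
        # The file is an allow list: only listed names may log in.
        if login in listed:
            return True, "userlist_deny=NO and the login is in the list"
        return False, "userlist_deny=NO and the login is missing from the list"
    # userlist_deny=YES (the default): the file is a deny list.
    if login in listed:
        return False, "userlist_deny=YES and the login is in the list"
    return True, "userlist_deny=YES and the login is not in the list"

if __name__ == "__main__":
    # Usage: python3 this_file.py /etc/vsftpd.conf LOGIN
    opts = parse_conf(Path(sys.argv[1]).read_text())
    list_file = Path(opts["userlist_file"])
    listed = parse_userlist(list_file.read_text()) if list_file.is_file() else set()
    allowed, reason = userlist_verdict(opts, listed, sys.argv[2])
    print(("ALLOWED: " if allowed else "DENIED: ") + reason)
```

An "ALLOWED" result only rules out the user list as the cause of a rejected login; PAM and its own allow/deny list still apply.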