[RndTbl] vsftp not connecting

Sean Walberg sean at ertw.com
Tue Mar 22 13:54:44 CDT 2011 

SSH also allows tunnels to be created both ways over the same channel. And
since it's encrypted, nobody would know that's going on. That scares me a
lot more than usernames and passwords being exposed. That can be mitigated
by protecting the payload. Or maybe the two parties have a VPN. Or maybe the
value of the information is inconsequential.

I don't know what went into their decision and what security concerns they
have, but I wouldn't immediately discount their security team based on that
decision alone. As Bruce Schneier said, "If you think encryption will solve
your problem, you don't understand your problem and you don't understand
encryption."

Sean


On Tue, Mar 22, 2011 at 1:44 PM, Gilles Detillieux <
grdetil at scrc.umanitoba.ca> wrote:

> Hmm.  So Security would prefer the use of protocols that send passwords
> as plain text, rather than encrypted???  Would these crocodiles happen
> to live next door to a zeeba?
>
> On 22/03/2011 1:17 PM, Kevin McGregor wrote:
> > Thanks for the suggestion, Gilles. Alas, getting Security at the City to
> > allow SSH out is like pulling teeth from a very hungry crocodile -- I'd
> > like to avoid both. I'd totally prefer SSH, but it's not an option.
> >
> > On Tue, Mar 22, 2011 at 12:51 PM, Gilles Detillieux
> > <grdetil at scrc.umanitoba.ca <mailto:grdetil at scrc.umanitoba.ca>> wrote:
> >
> >     Also check your userlist_* options in vsftpd.conf.  If
> userlist_enable
> >     is YES, then make sure the login name you're using isn't in the
> >     user_list file (or is if userlist_deny=NO).  You may want to check
> the
> >     PAM configuration as well, as it can add another layer, and another
> >     allow/deny list as it does on RHEL systems.
> >
> >     You could also enable the dual_log_enable and syslog_enable options,
> as
> >     this may give you a bit more feedback in your logs to help get to the
> >     bottom of this.
> >
> >     If all else fails, install/enable sshd and switch from FTP to SFTP.
>  ;-)
> >
> >     Gilles
> >
> >     On 22/03/2011 12:27 PM, Kevin McGregor wrote:
> >      > Maybe someone can throw in their two cents on this:
> >      >
> >      > I installed vsftpd on my Ubuntu 10.04 server, and I set
> >      >
> >      > local_enable=YES
> >      > write_enable=YES
> >      >
> >      > When I FTP to the server, I get prompted for a username and
> password,
> >      > but it seems to just reject it and ask for username/password
> >     again. What
> >      > else do I need to do? I just want one account to be able to FTP
> >     upload
> >      > files to this server.
> >      >
> >      > Kevin
>
> --
> Gilles R. Detillieux              E-mail: <grdetil at scrc.umanitoba.ca>
> Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
> Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable
>



-- 
Sean Walberg <sean at ertw.com>    http://ertw.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.muug.mb.ca/pipermail/roundtable/attachments/20110322/21981c76/attachment-0001.html

More information about the Roundtable mailing list