[ale] Secure FTP?
Jonathan Rickman
jonathan at xcorps.net
Thu Jul 26 09:48:55 EDT 2001
On Wed, 25 Jul 2001 djinn at djinnspace.com wrote:
> So how do I avoid clear text authentication? :)
Following up on my own post...
Another aspect to consider is that when using ssh/scp, you have to give the user
a shell on your machine. As far as I know, there is no way around this. If
someone knows of a way to avoid this (hint...Bob Toxen) I'd love to hear it. In
my opinion, there is a much greater risk involved there than with plain old ftp.
The chances of a user screwing up are much greater than the chances of an
intruder sniffing your passwords. Sticky notes, malicious employees, social
engineering, etc. all come into play.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list