Right now, I would like to encrypt data transmission over ftp. I considered sftp and ftps. After reading the www, I concluded there is a general tendency to favor sftp over ftps (e.g. http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c14329/FTPS-vs-SFTP-What-to-Choose.htm). Two main arguments:
- sftp is more advanced/secure
- sftp is easier to configure on the server side
However, our ftp-server will be used by customers, so there is some flexibility requirement involved here.
As the server is configured right now:
- FTP enables log in only with virtual users
- SSHD has been configured to only accept Private-Public key authentication
SFTP uses SSH and requires these virtual users to have their private key. However, this conflicts with our flexibility requirement, as we don't want to saddle up the customers with the installation of a PP.
I must say, I have not tested this virtual user and SSH approach thoroughly, so I am not sure whether it is even compatible with virtual users.
So, given our flexibility requirement and the assumption that virtual users will work over SSH, which of the following solutions should I favor?
- Enable password authentication within SSHD for the virtual users
- Opting for ftps (which seems to be labeled as "deprecated" by vsftpd)
thanks
FTPS is not at all deprecated. The implicit method of negotiation is. It can be very secure if configured correctly, and won't require you to enable password authentication within sshd.
I wouldn't say FTPS is deprecated. It still is a viable option for secure file transfer.
The way you describe your situation makes it sound as if FTPS would be the most suitable solution for the problem you are trying to solve, but you fear it is old-fashioned.
I wouldn't worry about that. If FTPS solves your problem, go for it.
A third option you could consider is WebDAV. Like with FTP, adding virtual user accounts can be very easy.
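As an added example (not code from any poster in this thread), this is one way to check that a vsftpd.conf uses explicit FTPS with virtual users only, the setup the answers describe as secure "if configured correctly". The option names and defaults are those documented in vsftpd.conf(5); the sample configs, the guest user name, the PAM service name and the certificate path are constructed placeholders.

```python
# Added example: audit a vsftpd.conf for explicit-FTPS settings.
# Defaults as documented in the vsftpd.conf(5) man page.
DEFAULTS = {
    "ssl_enable": "NO", "implicit_ssl": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "ssl_sslv2": "NO", "ssl_sslv3": "NO", "anonymous_enable": "YES",
}

# option -> (value wanted for this setup, what goes wrong otherwise)
REQUIRED = {
    "ssl_enable": ("YES", "logins and transfers are cleartext FTP"),
    "implicit_ssl": ("NO", "implicit negotiation is the deprecated FTPS mode"),
    "force_local_logins_ssl": ("YES", "a client may send its password without TLS"),
    "force_local_data_ssl": ("YES", "file contents may travel unencrypted"),
    "ssl_sslv2": ("NO", "SSLv2 is a broken protocol"),
    "ssl_sslv3": ("NO", "SSLv3 is a broken protocol"),
    "anonymous_enable": ("NO", "only the virtual users should be able to log in"),
}

def parse_conf(text):
    """vsftpd.conf is plain option=value lines; '#' starts a comment line."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (option, actual value, reason) for every setting that is off."""
    settings = parse_conf(text)
    return [(opt, settings[opt], why)
            for opt, (want, why) in REQUIRED.items()
            if settings[opt].upper() != want]

# Constructed sample configs; names and paths are placeholders.
WEAK = ("local_enable=YES\nguest_enable=YES\n"
        "ssl_enable=YES\nimplicit_ssl=YES\nforce_local_data_ssl=NO\n")
HARDENED = ("anonymous_enable=NO\nlocal_enable=YES\nguest_enable=YES\n"
            "guest_username=ftpvirtual\npam_service_name=vsftpd_virtual\n"
            "ssl_enable=YES\nimplicit_ssl=NO\nforce_local_logins_ssl=YES\n"
            "force_local_data_ssl=YES\nssl_sslv2=NO\nssl_sslv3=NO\n"
            "rsa_cert_file=/path/to/server.pem\n")

if __name__ == "__main__":
    for opt, actual, why in audit(WEAK):
        print(f"{opt}={actual}: {why}")
```

With this configuration sshd can stay on key-only authentication, since the customers' passwords are only ever handled by vsftpd inside the TLS session.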