# Recommendation for FTP daemon

## lightweave

Since I need to have an FTP I wonder what would be the best to emerge. Previously I emerged ftpd but I had some issues with it. I never managed to get it working to allow login for selected users only. It either allowed all, including anonymous, or it allowed none. I also tried to configure /etc/ftpusers but that didn't help either. So either I did something wrong or this ftp is not what I was looking for.

I don't want to have anonymous access and I want to be able to allow ONLY specified users which have permissions for ftp. Everybody else should get denied.

Any recommendations?

----------

## Crisis

I've always liked vsftpd

----------

## Rad

I believe you'll like pure-ftpd or vsftpd. The first one offers more options for easy configuration, btw.

----------

## Voorhees51

I use PureFTPd, it works great

Check it out: www.pureftpd.org

----------

## UberLord

vsftpd

Personally I dislike the way you configure pureftp through all those switches.

----------

## HAL_9000

 *lightweave wrote:*   

> Since I need to have an FTP I wonder what would be the best to emerge. Previously I emerged ftpd but I had some issues with it. I never managed to get it working to allow login for selected users only. It either allowed all, including anonymous, or it allowed none. I also tried to configure /etc/ftpusers but that didn't help either. So either I did something wrong or this ftp is not what I was looking for.
> 
> I don't want to have anonymous access and I want to be able to allow ONLY specified users which have permissions for ftp. Everybody else should get denied.
> 
> Any recommendations?

 

ProFTPd  :Wink: 

pretty secure, pretty easy :>

----------

## krolden

Seconds.

----------

## lightweave

Thanks for all the replies! I guess I will give Pure FTP a try, because from the feature list it sounds exactly like what I had in mind.  :Smile: 

----------

## JeffBlair

If you have webmin installed there is a module already installed to configure it. You can also set it up with MySQL if you want. Here is a link on the HOWTO.

----------

## Hoshimaru

vsftpd

It's really sweet and easy to configure ^^

Even setting it up for FXP is easy or chrooting users etc.

By the way, is there a way to create a virtual user that's not a Linux user?

----------

## wjholden

 *Hoshimaru wrote:*   

> By the way, is there a way to create a virtual user that's not a Linux user?

 AFAIK, no, but with good use of groups and shells you can prevent that user from doing much of anything.

VSFTPD -- see my signature for a howto.

----------

## UberLord

 *Hoshimaru wrote:*   

> By the way, is there a way to create a virtual user that's not a Linux user?

 

Sure!

vsftpd can use pam - if compiled for pam.

As such, any virtual users that pam can see via the pam.d/vsftpd service (stable vsftpd) or the pam.d/ftp service (unstable) then vsftpd can use them  :Smile: 

As such they can be LDAP, MySQL, Kerberos, etc.

I use LDAP myself.

----------

## nevynxxx

I'd say openSSH. Especially if you don't want anonymous access.

----------

## UberLord

 *nevynxxx wrote:*   

> I'd say openSSH. Especially if you don't want anonymous access.

 

heh

vsftpd, proftpd, pureftp all support FTP+TLS which means you can secure both the data and action channels.

You can also block anonymous access easily

OpenSSH is not good for FTP

----------

## wjholden

 *UberLord wrote:*   

>  *nevynxxx wrote:*   I'd say openSSH. Especially if you don't want anonymous access. 
> 
> heh
> 
> vsftpd, proftpd, pureftp all support FTP+TLS which means you can secure both the data and action channels.
> ...

 

I think he means using OpenSSH for SFTP/SCP transfers.  It is possible to implement SSH authentication for FTP, though.  I've noticed that on a Win32 host the maximum throughput for SFTP is around 10Mbps, whereas the same machine to my server can break 50Mbps over FTP.

Why would anyone use FTP for anything but anonymous when you've got SFTP?  I use SFTP for moving all my files that I don't want the world to see with Konqueror (enter sftp://host in the address bar).  I have an anonymous read-only ftp server for moving large files that would be annoying to click on in a web browser, and a webserver for everything else.

----------

## Hoshimaru

Excellent  :Smile: 

PAM here I come

----------

## nevynxxx

I meant exactly what destuxor said.

If you want secure, and non-anonymous, then sftp is perfect.

I haven't noticed the transfer limitations, but most of what I do is over 1Mb DSL anyway.

Also, being able to not bother with passwords (apart from once a day when I log on at work) is nice. I have public keys set up and so can scp or sftp (I prefer sftp) at any time, with no password request.

Can you do that with ftp/TLS?? (without leaving the connection open)

Anyway just my humble....

----------

## UberLord

 *nevynxxx wrote:*   

> Also, being able to not bother with passwords (apart from once a day when I log on at work) is nice. I have public keys set up and so can scp or sftp (I prefer sftp) at any time, with no password request.
> 
> Can you do that with ftp/TLS?? (without leaving the connection open)
> 
> 

 

No you cannot - at least AFAIK.

However, you do need to specify at least the username if it's different from the one you're connecting to which sometimes makes things a moot point.

The one bad thing about passwordless certs is that it just takes someone to crack your machine, get the cert and hey presto - they have the same access that you did. Unless you use something like keychain with passworded certs.

----------

## bertaboy

proftp has worked for me since my Slackware days.  I haven't figured out how to get an FTP server to get past my router, but that's kind of moot since I'm going to be behind a router that I can't modify next semester....

----------

## nevynxxx

 *UberLord wrote:*   

> 
> 
> However, you do need to specify at least the username if it's different from the one you're connecting to which sometimes makes things a moot point.

 

This can be done in the software of most clients (WinSCP3 at least)

 *UberLord wrote:*   

> 
> 
> The one bad thing about passwordless certs is that it just takes someone to crack your machine, get the cert and hey presto - they have the same access that you did. Unless you use something like keychain with passworded certs.

 

Obviously there is always that.

If you are bothered about this situation then simply don't use an agent, and keep the cert on a usbkey that never leaves your person.

I'd rather be able to just log on as I wish while at work, but other systems are set up like that.

----------

## Russel-Athletic

I use vsftpd on our Lan-Server.

I first installed proftpd, but it was really slow on connecting and on other ftp commands. Perhaps a configuration fault but I was too lazy to look into it. Furthermore we had no Internet there and I was grateful that the packet for vsftpd was already on the hard disk.

----------

## groovin

another vote for vsftp

----------

## UberLord

There's a few vsftpd users here - anyone running 2.0.3-r1? If so, comments? Good, bad, no difference?

Just curious as it features a new ftpbase package that proftpd and pure-ftpd will (hopefully) soon be using as well

----------

## rounz

glftpd is worth a look  :Smile: 

----------

## mieses

i'm testing vsftpd 2.0.3-r1.

vsftpd ignores /etc/localtime when "chroot_local_user=YES" and assumes GMT instead.  the only way to override this is to copy /etc/localtime to every user's home directory,  which I'm not excited about.

otherwise, vsftpd seems ok.

----------

## audiodef

I have vsftpd running. I can connect with a local username from the machine it's on, but when I try to upload something I get permission denied. What did I miss?

----------

## mieses

look over your vsftpd.conf file very carefully.  and read the man page.

http://vsftpd.beasts.org/vsftpd_conf.html

vsftpd has very secure and restrictive default settings.

can you post the conf file?

----------

## audiodef

I took your advice and looked more carefully at the conf file, set some other options, and it's working now. Thanks!

----------
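The thread asks for logins limited to named users with no anonymous access, and later notes that vsftpd's defaults are restrictive. The following is an added example, not code from any poster or from the vsftpd project: a small auditor that applies the defaults documented in vsftpd.conf(5) to a config and reports what stands in the way of that policy. The sample configs and the function names `parse_conf` and `audit` are constructed for illustration.

```python
# Added example: audit a vsftpd.conf for an allowlist-only login policy.
# Defaults are the ones documented in vsftpd.conf(5).
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "userlist_enable": "NO", "userlist_deny": "YES"}

def parse_conf(text):
    """Return effective settings; vsftpd expects option=value with no spaces."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def audit(text):
    """List settings that break 'named users only' or refuse uploads."""
    c = parse_conf(text)
    on = lambda k: c[k].upper() in ("YES", "TRUE", "1")
    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous_enable is YES (the default): anonymous logins accepted")
    if not on("local_enable"):
        findings.append("local_enable is NO: no local user can log in")
    if not on("userlist_enable"):
        findings.append("userlist_enable is NO: every local account may log in")
    elif on("userlist_deny"):
        findings.append("userlist_deny is YES: userlist_file is a deny list, not an allow list")
    if not on("write_enable"):
        findings.append("write_enable is NO: write commands, uploads included, are refused")
    return findings

# Constructed sample inputs, not taken from any poster's system.
WEAK = "local_enable=YES\nuserlist_enable=YES\n"
HARDENED = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "allowlist-only policy in place")
```

With `userlist_deny=NO`, only the accounts named in `userlist_file` are allowed to log in, which is the behaviour the original question asks for.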

