[BlueOnyx:00338] Re: SSH file transfer
Michael Stauber
mstauber at blueonyx.it
Mon Jan 19 19:06:45 -05 2009
Hi Stephanie,
Somehow your emails got stuck in the moderation queue of the list (reason:
post to a list without membership). Had to approve them manually and made sure
your address is in the database.
> I think I would be happier with the option of using SSL with ftp. It does
> the secure trick. What I don't know is if proftp can use the cert of a
> given site readily. At worst, use the base server's certificate.
>
> The SSL solution would provide pretty much all the security benefit of the
> SCP solution but require (I think) a lot less work to get working and
> integrated into the GUI.
That's true. I tried to get secure FTP working with proftpd. If you look at
/etc/proftpd.conf you'll see that it already has TLS provisions in it:
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSRequired off
TLSRSACertificateFile /etc/pki/dovecot/certs/dovecot.pem
TLSRSACertificateKeyFile /etc/pki/dovecot/private/dovecot.pem
TLSVerifyClient off
TLSOptions NoCertRequest
TLSRenegotiate required off
</IfModule>
Proftpd on CentOS5 is compiled with TLS support through mod_tls and with these
options it should use the SSL certificate that Dovecot uses, too. However,
when I test it with "FlashFXP" (pretty flashy FTP client for Windows which
also supports SSL) it doesn't work - yet.
I then thought: "Could be the certificate" and tried a separate self-signed
certificate as per some Proftpd instructions. Didn't work either. I'll look
into it a bit more, but as of now I fail to get that to work.
--
With best regards
Michael Stauber
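
An added example, not part of the original message and not BlueOnyx or ProFTPD code: a small Python check that parses the mod_tls block quoted above and reports settings that still leave plain FTP available next to FTP over TLS. The function names are hypothetical, and the embedded config is a copy of the quoted block used as constructed sample input.

```python
# Constructed sample input: the mod_tls block quoted in the message above.
SAMPLE_CONF = """\
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSRequired off
TLSRSACertificateFile /etc/pki/dovecot/certs/dovecot.pem
TLSRSACertificateKeyFile /etc/pki/dovecot/private/dovecot.pem
TLSVerifyClient off
TLSOptions NoCertRequest
TLSRenegotiate required off
</IfModule>
"""

def parse_mod_tls(conf_text):
    """Return {directive_lowercase: value} for lines inside <IfModule mod_tls.c>."""
    directives, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.lower().startswith("<ifmodule") and "mod_tls.c" in line:
            inside = True
        elif line.lower().startswith("</ifmodule"):
            inside = False
        elif inside:
            parts = line.split(None, 1)          # directive name, rest of line
            directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return directives

def audit_mod_tls(conf_text):
    """Hypothetical helper: list findings about how strictly TLS is enforced."""
    d = parse_mod_tls(conf_text)
    findings = []
    if d.get("tlsengine", "off").lower() != "on":          # mod_tls default is off
        findings.append("TLSEngine is not on: no TLS is offered at all")
    required = d.get("tlsrequired", "off").lower()         # mod_tls default is off
    if required == "off":
        findings.append("TLSRequired off: plain FTP logins are still accepted")
    elif required != "on":
        findings.append(f"TLSRequired {required}: only part of the session must use TLS")
    for name in ("TLSRSACertificateFile", "TLSRSACertificateKeyFile"):
        if name.lower() not in d:
            findings.append(f"{name} is not set")
    return findings

if __name__ == "__main__":
    for finding in audit_mod_tls(SAMPLE_CONF):
        print(finding)
```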