You are not logged in.

#1 2008-12-24 11:25:10

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963
Website

sftp vs ftps, virtual users or pre-shared keys... any alternatives?

openssh enables users to identify themselves using pre-shared keys, which I prefer to passwords (more for the sake of security than convenience), but I can't find a way to support virtual users which means that everyone logging in must have a system account, which really seems inelegant, especially for temporary transfers. Re-using a single account or juggling a few while changing the passwords now and then seems to be the best option (along with disabling the shell, but I haven't actually gotten that far yet) but it just feels kludgy.

vsftps enables virtual users that can be chrooted to their own directories and are simple to add/remove, which really is quite nice, but it requires the use of a self-signed certificate which feels ungainly and there seems to be no support for using pre-shared keys instead of passwords.

Is there any way to create virtual users for openssh or use pre-shared keys with vsftps?

If not (or even if), what do you see as the pros and cons of one vs the other? What other methods/apps would you use to securely transfer files from one system to another without an external server?


p.s. Think of this as a game/thought experiment. Don't focus on why you'd want to do this, only how.


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

Board footer

Powered by FluxBB