SSH also allows tunnels to be created both ways over the same channel. And since it's encrypted, nobody would know that's going on. That scares me a lot more than usernames and passwords being exposed. That can be mitigated by protecting the payload. Or maybe the two parties have a VPN. Or maybe the value of the information is inconsequential.<div>
<br></div><div>I don't know what went into their decision and what security concerns they have, but I wouldn't immediately discount their security team based on that decision alone. As Bruce Schneier said, "If you think encryption will solve your problem, you don't understand your problem and you don't understand encryption."<br>
<div><br></div><div>Sean<br><div><div><br></div><div><br><div class="gmail_quote">On Tue, Mar 22, 2011 at 1:44 PM, Gilles Detillieux <span dir="ltr"><<a href="mailto:grdetil@scrc.umanitoba.ca">grdetil@scrc.umanitoba.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hmm. So Security would prefer the use of protocols that send passwords<br>
as plain text, rather than encrypted??? Would these crocodiles happen<br>
to live next door to a zeeba?<br>
<div class="im"><br>
On 22/03/2011 1:17 PM, Kevin McGregor wrote:<br>
> Thanks for the suggestion, Gilles. Alas, getting Security at the City to<br>
> allow SSH out is like pulling teeth from a very hungry crocodile -- I'd<br>
> like to avoid both. I'd totally prefer SSH, but it's not an option.<br>
><br>
> On Tue, Mar 22, 2011 at 12:51 PM, Gilles Detillieux<br>
</div><div><div></div><div class="h5">> <<a href="mailto:grdetil@scrc.umanitoba.ca">grdetil@scrc.umanitoba.ca</a> <mailto:<a href="mailto:grdetil@scrc.umanitoba.ca">grdetil@scrc.umanitoba.ca</a>>> wrote:<br>
><br>
> Also check your userlist_* options in vsftpd.conf. If userlist_enable<br>
> is YES, then make sure the login name you're using isn't in the<br>
> user_list file (or is if userlist_deny=NO). You may want to check the<br>
> PAM configuration as well, as it can add another layer, and another<br>
> allow/deny list as it does on RHEL systems.<br>
><br>
> You could also enable the dual_log_enable and syslog_enable options, as<br>
> this may give you a bit more feedback in your logs to help get to the<br>
> bottom of this.<br>
><br>
> If all else fails, install/enable sshd and switch from FTP to SFTP. ;-)<br>
><br>
> Gilles<br>
><br>
> On 22/03/2011 12:27 PM, Kevin McGregor wrote:<br>
> > Maybe someone can throw in their two cents on this:<br>
> ><br>
> > I installed vsftpd on my Ubuntu 10.04 server, and I set<br>
> ><br>
> > local_enable=YES<br>
> > write_enable=YES<br>
> ><br>
> > When I FTP to the server, I get prompted for a username and password,<br>
> > but it seems to just reject it and ask for username/password<br>
> again. What<br>
> > else do I need to do? I just want one account to be able to FTP<br>
> upload<br>
> > files to this server.<br>
> ><br>
> > Kevin<br>
<br>
--<br>
Gilles R. Detillieux E-mail: <<a href="mailto:grdetil@scrc.umanitoba.ca">grdetil@scrc.umanitoba.ca</a>><br>
Spinal Cord Research Centre WWW: <a href="http://www.scrc.umanitoba.ca/" target="_blank">http://www.scrc.umanitoba.ca/</a><br>
Dept. Physiology, U. of Manitoba Winnipeg, MB R3E 0J9 (Canada)<br>
_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Sean Walberg <<a href="mailto:sean@ertw.com" target="_blank">sean@ertw.com</a>> <a href="http://ertw.com/" target="_blank">http://ertw.com/</a><br>
</div></div></div></div>