I've been tasked to install a new SFTP server. Per-se, this is a very simple operation: simply using the internal-sftp role of the ubiquitous SSH service (with chrooting) is sufficient to have a reliable SFTP server.
However it's in my nature to always try at least two different approach for the same problem, and I realized I can use ProFTPD with a sftp plugin to do the same thing, with the added benefit of more granular filetransfer-related options (eg: bandwidth throttling). On the other hand, this plugin is not compiled (and bundled) by default, and I would like to avoid (perhaps) "less tested" solution.
At the moment, the only required service is SFTP; however, I'm playing in advance and I would like to implement a solution which can not only work with SFTP, but with FTP/S also.
Considering that I am going to chroot users inside their homes, what do you feel is a better solution?
- use SSH
internal-sftpand a standalone FTP server (vsftpdorproftpd) for FTP/S services - only use the ProFTPD service with the relevant plugin
Best Answer
SSH's sftp server has some additional requirements for chroot directories, ie. user cant have write access to chroot dir in some enviroments this might be a problem.
If You also need ftp/ftps I would suggest giving mod_sftp a go. We are using it in production on about 20 servers with over 10k accounts with almost nil problems (sftp is the least used protocol). The downside might be that it doesn't support password authentication method, but it supports rsa key and keyboard-interactive so it is only a problem for very old clients.