
This Hacker News story is all about the downsides of FTP. The only reason I might set up FTP is that it's easy.

I know about and use scp already, but sometimes I want to share files with someone without giving them ssh access to my server. I want them to be able to upload and download files, but nothing else, and I want to restrict them to a single directory. I also want their connection to be encrypted like ssh.

What are some alternatives to FTP that meet these criteria?

Skyhawk
  • 14,230
Nathan Long
  • 1,565

6 Answers

7

Proftpd has a built-in sftp server that would allow you to completely segregate users from sshd for the purposes of file transfers. You can set it up so that it uses a completely separate passwd file to isolate them even further (it's hard to log in to a system with ssh and break through a chroot if you don't actually have a user in /etc/passwd ...)

proftpd also allows you to chroot and isolate the sftp user to a set of directories pretty easily.

We do something like this:

LoadModule mod_sftp.c

<VirtualHost 10.1.1.217>

    ServerName  "ftp.example.com"

    # from http://www.proftpd.org/docs/howto/NAT.html
    MasqueradeAddress   1.2.3.4
    PassivePorts 27001 27050

    UseSendfile off

    ExtendedLog         /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog         /var/log/proftpd/auth.log AUTH auth

    # separate password file, so these users never need an /etc/passwd entry
    AuthUserFile /etc/proftpd/AuthUsersFile
    AuthOrder           mod_auth_file.c

    <IfModule mod_sftp.c>
        # SFTP listens on its own port, independent of sshd
        Port 10022
        # per-user public keys, looked up by username (%u)
        SFTPAuthorizedUserKeys file:/etc/proftpd/ssh_authorized_keys/%u
        SFTPEngine On
        SFTPLog /var/log/proftpd/sftp.log
        # host keys separate from the ones sshd uses
        SFTPHostKey /etc/ssh/proftpd-ssh_host_rsa_key
        SFTPHostKey /etc/ssh/proftpd-ssh_host_dsa_key
        MaxLoginAttempts 6
    </IfModule>
</VirtualHost>
3

I would use WebDAV with an https-enabled server! The authentication is then based on the standard HTTP authorization scheme. A guide to set up WebDAV with Apache can be found here; then it is only necessary to put that resource behind https, and here I found a nice description of how to do that.

joecks
  • 143
0

You didn't specify "free" as a requirement, so I'm going to throw out the Mass Transit package by grouplogic. It's probably a bit overkill for most people, and out of their price range, but the feature suite is nothing short of freaking fantastic. Get a second Mass Transit server and light up automation and you're moving some files really fast.

0

You can set up sftp that uses ssh in a mode similar to ftp.

You can create some users (one or more, depending on whether it's OK for each user to access each other's files) on your machine, give them the shell /bin/false and chroot each user to the directory where those files are to be placed.

Luis
  • 283
0

You can use pure-ftpd with TLS encryption enabled. The configuration is very simple: to enable encryption, uncomment the TLS option in the config file (one line only :) ), configure your clients to connect via FTPS and that's it. (You must remember that not all FTP clients support FTPS.)

B14D3
  • 5,308
-1

You could enable uploads and downloads with rsync over ssh without allowing logins by setting rsync as the login shell for the user. This enables all the goodies of ssh, including certificate logins, encryption and standard filesystem permission operation, while not enabling shell accounts (as the account won't have a shell but rsync =)).

Eroen
  • 109