secure FTP

Luke

Feb 5, 2001, 5:56:53 PM

Right now I have a test server sitting behind a firewall. The only port I
have open on the firewall is ssh and I have changed it from the standard to
a really high random unpriv port so scanners don't find it. After securely
getting into the firewall, I can telnet into the other machine... Now, I
want to be able to ftp into the machine, so I have the firewall forward the
port to the server (and have disabled ftp on the firewall), but with FTP
aren't passwords sent in the clear? So someone with a sniffer on my subnet
here at school, or on the subnet on the remote side, or heck anywhere on the
line can get a username and password which also happens to be valid for
logging in. So at the least they could ftp in and delete files and such,
and browse around the computer and gather info. At worst, if they noticed
activity on the aforementioned high port and surmised it is ssh or the like,
they could log in and get a shell and cause all kinds of trouble even with
an unprivileged account...

I'm not sure about how to secure this. Make a special account separate from
my normal one just for FTP'ing and heavily restrict it? Of course disallow
anonymous connections... Require the password on the special account be
changed frequently? Set the special user's shell interpreter to something
like /dev/null (how do you do it so it just immediately kicks them off?)

I would like to store files and backups and such on the remote server, but
it just seems too insecure. Is there possibly a way to tunnel an ftp
connection through ssh? How would that be done?

Thanks for any insight to a novice
Luke


Angry Bob

Feb 5, 2001, 8:16:04 PM

What would you like to read? [LLoe...@home.com or ?*]

this is a Luke scroll! it says:

> I would like to store files and backups and such on the remote server, but
> it just seems too insecure. Is there possibly a way to tunnel an ftp
> connection through ssh? How would that be done?

man scp

--
AngryBob
Who is this girl and why is she wearing my pants!?!?
--Nick Black (from right behind me)

Christer Johansson

Feb 6, 2001, 4:02:13 AM

Check out
http://safetp.cs.berkeley.edu
/Christer

Tim Haynes

Feb 6, 2001, 4:43:27 AM

Angry Bob <angr...@havoc.gtf.org> writes:

> What would you like to read? [LLoe...@home.com or ?*]
> this is a Luke scroll! it says:
>
> > I would like to store files and backups and such on the remote server,
> > but it just seems too insecure. Is there possibly a way to tunnel an
> > ftp connection through ssh? How would that be done?
>
> man scp

A variation that I think you'll find more flexible, btw, and better suited
to generating backups straight to remote tape:

here# find /data -mtime -1 ! -name \*.bak | cpio -H tar -ov \
| ssh -i ~/.ssh/backup backup@there "cat >> /dev/tape"

That way the `backup' identity can have no passphrase if that's what you
want, but obviously it must be tied to a specific IP# on `there'. But at
least you get to do it all with a pipe and can specify whatever criteria
you like with `find'.

~Tim
--
It's all over the front page |pig...@glutinous.custard.org
You give me road rage |http://piglet.is.dreaming.org
Racing through the best days |
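
Added example, not part of Tim Haynes's post: tying a passphrase-less key such as the `backup` identity to one source address is done on `there` with the `from=` option in the account's `~/.ssh/authorized_keys`, and this script reports per key line whether that option is present. It goes one step beyond the post by also reporting the `command=` option; the sample entries, placeholder key blobs and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example. Reports, per authorized_keys line, whether the key is tied
# to a source host (from=) and to one command (command=).

# Constructed sample: placeholder key blobs, documentation-range address.
sample_keys() {
    cat <<'EOF'
# authorized_keys for the backup account on "there" (constructed)
from="192.0.2.10",command="cat >> /dev/tape",no-pty ssh-rsa AAAAPLACEHOLDER backup@here
from="192.0.2.10" ssh-rsa AAAAPLACEHOLDER backup@here
ssh-ed25519 AAAAPLACEHOLDER luke@laptop
command="echo from=\"x\", hi" ssh-rsa AAAAPLACEHOLDER tricky
EOF
}

# Usage: audit_authorized_keys FILE   (reads stdin when no file is given)
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        from = "no"; cmd = "no"
        # A line that does not open with a key type opens with an options field.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0; start = 1; n = length(line)
            for (i = 1; i <= n + 1; i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") { i++; continue }   # escaped char inside quotes
                if (c == "\"") { inq = !inq; continue }
                if (inq) continue                         # commas and spaces in quotes are data
                if (c == "," || c == " " || c == "\t" || i > n) {
                    opt = tolower(substr(line, start, i - start))
                    if (opt ~ /^from=/) from = "yes"
                    if (opt ~ /^command=/) cmd = "yes"
                    start = i + 1
                    if (c != ",") break               # end of the options field
                }
            }
        }
        print NR, "from=" from, "command=" cmd
    }' "$@"
}

sample_keys | audit_authorized_keys
```

Each output line is the file line number followed by the two findings; a passphrase-less key that shows `from=no` is not tied to any source address.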
