Hello all,
I am researching ways to allow Windoze users to FTP into machines
securely, without forcing them to use an SCP client for Windoze. These
users aren't technical and get very confused and call me at home when
they're forced to do anything beyond the very most basic use of their
computers. Trying to get them to use Putty would be like trying to get
water from a stone. :-)
I currently have their accounts chroot'ed and none of them have
shells. This obviously is only safe to a degree, because security exploits
are periodically found in most popular FTP daemons that allow the bad guys
to do bad things.
I've thought of two possible solutions, both of which I can see
possible problems with:
1. Set up a sacrificial FTP host outside the firewall, which the
users can FTP stuff to. Its configuration will be minimal, and it will be
backed up to a write-protected tape, so that if someone compromises it, I
just blow it out and restore from tape. The "real" machine on the inside
of the firewall, i.e., the one that actually needs to have the files they
just uploaded, has some scripting that runs on the cron, which has it SCP
into the sacrificial FTP host and suck all the files over. I might even go
a little further and run tests on the stuff that the user FTP'ed over
before SCP'ing it to the real machine.
So in a way, the first machine is a proxy for the real machines.
2. Set up some sort of web-based FTP mechanism, to allow people to
FTP stuff in.
Please, any suggestions anyone has on how to do this would be
greatly appreciated.
Toby A. Rider
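
The pull-and-test step from option 1, sketched as an added example that is not part of the original post: the inside machine runs this from cron, copies the uploads from the sacrificial host with scp into a quarantine directory, and only promotes files that pass basic checks. The host name, paths, size limit and the specific checks are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Runs on the inside machine from cron.
# All hosts, paths and limits below are hypothetical placeholders.
STAGING="${STAGING:-pull@ftp-dmz.example.com}"       # sacrificial FTP host
REMOTE_DIR="${REMOTE_DIR:-/home/ftp/incoming}"
QUARANTINE="${QUARANTINE:-/var/spool/ftp-pull/quarantine}"
ACCEPTED="${ACCEPTED:-/var/spool/ftp-pull/accepted}"
MAX_BYTES="${MAX_BYTES:-10485760}"

# The inside machine initiates the copy; the outside host never connects inward.
pull_uploads() {
    mkdir -p "$QUARANTINE" &&
    scp -B -q -r "$STAGING:$REMOTE_DIR" "$QUARANTINE/"
}

# Return 0 only for files that pass every check (the checks are assumptions).
vet_file() {
    f=$1
    name=${f##*/}
    [ -f "$f" ] && [ ! -L "$f" ] || return 1      # regular files only, no symlinks
    case $name in
        .*|*[!A-Za-z0-9._-]*) return 1 ;;         # no dotfiles, no unusual characters
    esac
    [ ! -e "$ACCEPTED/$name" ] || return 1        # never overwrite an accepted file
    size=$(($(wc -c < "$f")))
    [ "$size" -gt 0 ] && [ "$size" -le "$MAX_BYTES" ]
}

# Move vetted files to ACCEPTED with no execute bits; delete everything else.
process_quarantine() {
    mkdir -p "$ACCEPTED" || return 1
    find "$QUARANTINE" ! -type d | while IFS= read -r f; do
        if vet_file "$f"; then
            chmod 0640 "$f" && mv -- "$f" "$ACCEPTED/" && echo "accepted ${f##*/}"
        else
            rm -f -- "$f"; echo "rejected ${f##*/}"
        fi
    done
}

# Only touch the network when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then
    pull_uploads && process_quarantine
fi
```

Because the copy is initiated from inside, the firewall needs no inbound rule from the FTP host, and the SSH key used for the pull can be restricted to read-only access on that host.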