On Tue, 27 Feb 2001, Tod Hagan wrote:
> Is there a daemon I can run besides ftp which has clients which run on
> Windows and Macs to allow password protected access for uploading? This
> isn't for anonymous uploads.
For authenticated file transfers on public networks, I recommend against
plain old FTP. It transmits username and password in the clear, which is
inherently insecure.
Fortunately, those wonderful people over in OpenBSDville have made all our
lives much brighter by creating OpenSSH. Not only creating it, but enhancing
it on a regular basis. In its current incarnation, it supports SSH protocol
versions 1 and 2, SFTP client and server, port forwarding, X11 forwarding,
ssh-agent forwarding, AFS forwarding, and probably makes coffee, too. There
are even RPMs available on the distribution site for those who are too lazy to
compile from source. http://www.openssh.com
On the Windoze side of the world, I heartily recommend SecureCRT and
SecureFX, both from Van Dyke Software (http://www.vandyke.com). The former
provides a terminal emulator and SSH client; the later provides an interface
to secure file transfers using SSH. Both are excellent products.
If you are a true cheapskate, consider "PuTTY" and/or "Tera Term Pro". Both
provide some form of SSH support, although I would term it "barely adequate".
They are, however, free. I've also heard rumors of people using Cygwin to
compile OpenSSH clients, but I'm not sure that would be worth the pain.
On the Mac side of the world... umm.... Macs.. right... um... install Mac OS
X and use OpenSSH. ;-)
> Without the requirement for windows clients I'd just use scp and
> rsync.
rsync does a good deal more than just file transfers, which is what you
originally said you wanted. Do you want just file transfers ("uploads"), or
do you want full-blown automated incremental updates?
> Without the requirement for uploading I'd just use apache. (Come to
> think of it, HTTP may allow this. I need to look into it more.)
HTTP allows client-to-server file transfers, via the PUT method. However,
it suffers from the same problems that FTP does, W.R.T. cleartext password
authentication. On the other hand, HTTP+SSL is very common, and may be
sufficient for your needs.
> I hate ftp.
That is your prerogative.
> The design of the protocol itself is OLD, from the early 70s -- that's
> over 25 years! (see http://www.wu-ftpd.org/rfc/)
The concept of the stored-program computer is over a hundred years old. I
guess we should all switch to... um, what, exactly? :-)
> The protocol is also clunky, designed for manual use when today most
> people use GUI clients.
You are confusing the protocol with the presentation (AKA user interface).
The two have nothing to do with each other. You no more have to use
/usr/bin/ftp to browse an FTP site than you have to use /usr/bin/wget to
browse a web site. Try "gftp" (GNOME FTP) on Unix, or SecureFX (see above) on
Windoze.
> wu-ftpd is hard to administer ...
So don't use wuftpd. :-)
> Since [ProFTPd] runs as root, security holes result in a complete
> compromise of the server.
The Unix security model leaves authentication up to usermode programs.
This results in great flexibility (new authentication mechanisms do not
require kernel modifications), but it does mean your authenticators generally
have to have root privileges.
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
