Re: recommendations for FTP server (fwd)

2003-06-20 Thread mmccune

From:[EMAIL PROTECTED]
To:  Stephen Gran [EMAIL PROTECTED]
Subject: Re: recommendations for FTP server
Date:Fri, 20 Jun 2003 18:37:43 +

If security is a concern, you might want to use SecureFTP instead. It is part of
the OpenSSH package. The sftp client is a part of most Linux and BSD (including
 MacOS X) distros and there are also sftp clients for Macintosh
http://ca.huji.ac.il/services/internet/ssh/macsftp.shtml and Windows
http://www.chiark.greenend.org.uk/~sgtatham/putty/ .

 Hello all,
 
 I am thinking about setting up an FTP server to be used by myself and a
 couple of friends.  The box it will be running on is basically stock
 Woody, and is currently only running apache and NAT'ing for a LAN.
 
 I'd like the FTP server to not allow anonymous logins (which I assume
 most can do), chroot users to their home directories, and have some sort
 of encrypted connections (over SSL would be nice).  I have thought about
 just using sftp, but currently ssh connections are rerouted to another
 box on the LAN, and I'd like to leave that set up as is, if possible.
 
 I see that proftpd is the example used in the 'securing Debian' manual,
 but it doesn't appear to be able to use SSL.  OTOH, ftpd-ssl doesn't
 appear to do chroot'ing, at least not at a quick glance.  Anybody know
 of one that combines these features?  I suppose there is always stunnel,
 although I have never tried to use it for FTP.
 
 Any recommendations, experiences, thoughts?
 -- 

  --
 |  Stephen Gran  | The proof of the pudding is in the  |
 |  [EMAIL PROTECTED] | eating.   -- Miguel de Cervantes|
 |  http://www.lobefin.net/~steve | |
  --
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: recommendations for FTP server (fwd)

2003-06-20 Thread mmccune

From:[EMAIL PROTECTED]
To:  Dariush Pietrzak [EMAIL PROTECTED]
Subject: Re: recommendations for FTP server
Date:Sat, 21 Jun 2003 01:09:45 +

I know about SSL/TLS support in Proftp, the only problem is that few clients
support it (thanks for the link to the Woody backport). I would use it if I
could find clients that are supported by multiple OSes. Are there any SSL/TLS
clients for Windows, OS X or Mac 9x? 
  Proftpd does support SSL/TLS.  It's a module that comes with it, it's
  just not enabled by default.  Some nice docs here:
  http://www.castaglia.org/proftpd/modules/mod_tls.html
  http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
  Actually... it's enabled by default, that's why it says 'no certificate
 found' when you start it the first time.
  Neither sftp nor anything else is a 'drop-in' replacement for ftp.
 
  The only problem with TLS/SSL in ftp is that there are not that many
 clients that support that - there are NONE in woody. You need to backport
 lftp from sid or compile it yourself ( I've got my backport available from
 http://eyck.forumakad.pl/woody ./ ) 

  There are few other options - tlswrap changes every passive-capable ftp
 client into TLS-capable ftp client, there is this nice POSIX/Windoze
 lundfxp client etc..
 
  The way I see it, sftp is a way less secure way of providing access to files
 than tls/ftp, you see, you need to create valid ssh-able accounts for all
 your users, then it'll take you some time to secure those accounts just a
 bit ( scp-only account? - great, if you wanna play around and compile
 special shell... there is no scp-shell in woody, there is one in sid.
 Is it safe enough? Who knows ).
  With ftp users need no shell, need no nothing. I create unlimited number
 of users and worry not
 
 -- 
 Dariush Pietrzak,
 I ain't the sharpest tool in a shed.
 Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9
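
The three requirements from the original question (no anonymous logins, users chrooted to their home directories, encrypted connections) can be checked mechanically against a proftpd.conf. The script below is an added example, not part of any poster's message; the sample configuration and its certificate path are constructed, and the directive names used (DefaultRoot, TLSEngine, TLSRequired, <Anonymous>) are ProFTPD/mod_tls directives.

```python
import re

# Constructed sample proftpd.conf for illustration (not from the thread).
SAMPLE_CONF = """\
ServerName "files"
DefaultRoot ~
<IfModule mod_tls.c>
  TLSEngine on
  # TLS is offered but cleartext logins are still accepted
  TLSRequired off
  TLSRSACertificateFile /etc/ssl/certs/proftpd.pem
</IfModule>
<Anonymous ~ftp>
  User ftp
</Anonymous>
"""

def parse(conf_text):
    """Flat parse (ignores per-section scoping): returns the last value seen
    for each directive (name lower-cased) and the set of opened sections."""
    directives, sections = {}, set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<\s*(/?)(\w+)", line)
        if m:
            if not m.group(1):              # opening tag only
                sections.add(m.group(2).lower())
            continue
        parts = line.split(None, 1)
        directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return directives, sections

def audit(conf_text):
    """List which of the three requirements the configuration misses."""
    d, sections = parse(conf_text)
    findings = []
    if "anonymous" in sections:
        findings.append("anonymous login section present")
    if d.get("defaultroot", "").split()[:1] != ["~"]:
        findings.append("users not chrooted to home (DefaultRoot ~)")
    if d.get("tlsengine", "").lower() != "on":
        findings.append("mod_tls not enabled (TLSEngine on)")
    elif d.get("tlsrequired", "off").lower() != "on":
        findings.append("TLS not required on both channels (TLSRequired on)")
    return findings

print(audit(SAMPLE_CONF))
```
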
 
 