> The simple fact that we do not run FTP on the hosts at all for security
> reasons. The only way onto the host is via SSH given we have no
> firewall. IPChains is configured on the host, and I could add rules for
> FTP, but the word from above me is no FTP port will be opened. Thus the
> desire for automated ssh or similar. Kerberos etc are also out at the
> moment, as I don't have the time to learn those.
Since you do not have the ability to open ports then any application
that requires the use of a closed port is off limits to you.
Therefore, it appears that nothing other than SSH will be useable.
> However, an SSL tunnel may well work, but it comes back to passwords
> stored in files and requiring FTP to be running.
Using SSL/TLS for FTP does not require passwords. X.509 certificates
or Kerberos 5 credentials can be used for client authentication of
SSL/TLS connections.
Another choice that you probably can't use is the Internet Kermit
Service. You can install this on any port (although the standard
port is 1649.) It offers secure file transfer using SSL/TLS for
encryption.
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
