Eugene Crosser wrote:

>On Wed, 2003-04-02 at 19:27, FENiL PATEL wrote:
>
>>Can anyone recommend me a good way to secure FTP on RAQ4?
>>
>>I am looking for data tunnel & authentication encryption without a use
>>of third party software on client side.
>
>This can hardly be accomplished without third party software on the
>client side. They will need to either install secure clone of FTP or
>tunnelling/VPN client.

There is a real EASY way ;-)

get proftpd version 1.2.8 http://proftpd.linux.co.uk/ and compile it.
after making a backup of /usr/sbin/proftpd copy it there.
change/add some lines to your /etc/proftpd.conf like:

*** file /etc/proftpd.conf ***
.
.
.
ServerName "ProFTPD"
ServerType inetd
DeferWelcome off
DefaultServer on
.
.
.
# Port 21 is the standard FTP port.
Port 21
.
.
.
<Global>
.
.
.
# Security issue about WS-FTP to accept certificates
<IfModule mod_tls.c>
  # TLS/SSL Security Engine
  TLSEngine on
  TLSLog /var/log/auth

  # TLSProtocol directive is used to configure
  # the SSL/TLS protocol versions (SSLv3,TLSv1,SSLv23)
  # TLSProtocol SSLv23

  # Are clients required to use FTP over TLS when talking to this server?
  # SSL/TLS only (on), Data Channel (data), Control Channel (ctrl), or No (off)
  TLSRequired off

  # Server's certificate
  TLSRSACertificateFile /usr/local/ssl/certs/ftpd-rsa.pem
  TLSRSACertificateKeyFile /usr/local/ssl/certs/ftpd-rsa-key.pem
  TLSDSACertificateFile /usr/local/ssl/certs/ftpd-dsa.pem
  TLSDSACertificateKeyFile /usr/local/ssl/certs/ftpd-dsa-key.pem
</IfModule>
.
.
.
</Global>
*** file end ***

create the certificates or maybe use some from VeriSign & Co.

now you could use a TLS/SSL capable FTP Client like
WS-FTP Pro (commercial) or the free SmartFTP v1.0 from
http://www.smartftp.com ;-)

>But you can make them upload files over HTTPS.

uhhh ... possible ... but that is real ugly ;-)

>Which is probably the easiest way. Alternatives are: install VPN server
>on your RaQ and let people establish VPN before file transferring, use
>some "secure FTP" (*), or use scp (part of ssh).

scp is nice ... but it's no question compared to window based ftp tools

>(*) http://www.cs.berkeley.edu/~smcpeak/SafeTP/
>    http://www.glub.com/products/secureftp/
>
>Eugene

regards
--
Götz Lohmann | D-Mannheim | Web-Developer & Sys-Admin
---------------------------------------------------------
He's the fellow that people wonder what he does and why
the company needs him, until he goes on vacation.

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
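
Added example, not part of the original mail and not ProFTPD's own code: a small audit of the mod_tls block that reports which FTP channels may still run in cleartext for a given TLSRequired value. The function names and the sample text are made up for illustration; the example assumes only the four TLSRequired values listed in the config comment and treats a missing TLSEngine or TLSRequired as "off".

```python
import re

# Constructed sample: the mod_tls block of the /etc/proftpd.conf quoted above.
SAMPLE_CONF = """\
<IfModule mod_tls.c>
  TLSEngine on
  # TLSProtocol SSLv23
  TLSRequired off
  TLSRSACertificateFile /usr/local/ssl/certs/ftpd-rsa.pem
</IfModule>
"""

# TLSRequired value -> (control channel enforced, data channel enforced),
# limited to the four values the config comment lists.
ENFORCED = {"on": (True, True), "ctrl": (True, False),
            "data": (False, True), "off": (False, False)}

def tls_directives(conf_text):
    """Return {directive: value} for TLS* lines inside <IfModule mod_tls.c>."""
    found, in_tls = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and commented-out directives
        if re.match(r"<IfModule\s+mod_tls\.c>", line, re.I):
            in_tls = True
        elif re.match(r"</IfModule>", line, re.I):
            in_tls = False
        elif in_tls and line.lower().startswith("tls"):
            parts = line.split(None, 1)
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def audit(conf_text):
    """List the ways this config still permits cleartext FTP (empty list = none)."""
    d = tls_directives(conf_text)
    if d.get("tlsengine", "off").lower() != "on":  # assumed default: off
        return ["TLSEngine is not on: no TLS is offered at all"]
    required = d.get("tlsrequired", "off").lower()  # assumed default: off
    if required not in ENFORCED:
        return ["TLSRequired value %r is not on/ctrl/data/off" % required]
    ctrl, data = ENFORCED[required]
    findings = []
    if not ctrl:
        findings.append("control channel: TLS optional, USER/PASS may be sent in cleartext")
    if not data:
        findings.append("data channel: TLS optional, file contents may be sent in cleartext")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

With "TLSRequired off" as posted, both findings are reported; the list is empty only with "TLSRequired on", which is the setting that matches the original request for encrypted authentication and data.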
