Jason, while I certainly appreciate everyone being very security focused here, I think this is getting a bit complex for editing webpages. Is the data in the webpages in any way confidential? If not then just use the ftp feature you mentioned in the editor.
I guess the question is if this information is worth the amount of trouble required to secure it? Is there any reason to expect an internal employee would spoof your MAC on the switch and sniff your network traffic? There are many situations where a decision is made that convenience or manageability is more important than security. Take NIS, NFS, HTTP, SMTP, POP3, and IMAP for example. So look at where you will be deploying a protocol (i.e., internally) and decide if it's okay to lower your security requirements. In many situations it is okay.

Regards, Dustin

At 04:59 PM 6/26/2002 -0700, you wrote:
>Jason:
>     I could be wrong on this one, but I do not think that FTP can be
>used with ssh.  The FTP protocol is too old and sends everything in
>the clear.  There is an sftp client, but I have not had any success
>with it.  There is a brief howto at sourceforge on it, but they
>really do not seem to support the protocol.
>
>Doug Riddle
>
>--- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > Most of this would be done on the local lan, I don't feel much like
> > working when I get home, I just play games. =)
> >
> > Yeah, I can scp it up there, but then that negates the whole
> > conversation, because I was wanting to get away from making a change
> > to a file then having to upload it to the server every time, either
> > via ftp or scp. I just realized I don't think I told everyone that I
> > was talking about editing webpages here.
> >
> > I think I am going to try out that ftpfs, but back to our security
> > discussion, can't you tunnel your ftp session through ssh? If so is
> > that something that the server will have to be set up to allow? I
> > would assume so.
> >
> > ----- Original Message -----
> > From: "John Hebert" <[EMAIL PROTECTED]>
> > To: <[email protected]>
> > Sent: Wednesday, June 26, 2002 5:08 PM
> > Subject: Re: [brlug-general] vfs?
> >
> > > --- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > > > well, that is kind of hard to answer. Our main production server
> > > > is windows2000, and I have a small linux box running apache for
> > > > my wife's website and I mess around on it too. If I am at work, I
> > > > am accessing them from a Win2k workstation. If I'm at home, it
> > > > will be either a Win2k box or Linux, depending on if I rebooted
> > > > or not. =)
> > >
> > > Ai-yi-yi.
> > >
> > > > I know I could do either NFS or Samba, but aren't there
> > > > considerable security risks? Especially doing NFS over the
> > > > internet? I know windows file sharing is full of holes, since
> > > > Samba is emulating that, does it have the same shortcomings?
> > >
> > > Sure, the same risks exist. But I was assuming a LAN. If your
> > > connections are both LAN and Internet, then you really should
> > > install OpenSSH 3.4 on your boxen and just do 'scp file
> > > [EMAIL PROTECTED]:/ftp/dir/blah/blah/'. You can compile OpenSSH
> > > under cygwin or I _think_ ssh.com has an sshd for Windoze boxes.
> > >
> > > You should not use valuable passwords over FTP over the Internet,
> > > for all the reasons stated before. You can configure ssh/scp to use
> > > locally stored keys and therefore not need passwords, which is
> > > really more secure than passwords, when you think about it.
> > >
> > > John Hebert
> > >
> > > > ha! It's amazing what you can find when you know the right words
> > > > to search for in google! Have a look at this,
> > > >
> > > > http://www.mandrakeuser.org/docs/connect/cnetips2.html
> > > >
> > > > John Hebert wrote:
> > > > > What operating systems are you using on the client and server,
> > > > > Jason? You can use NFS to mount remote filesystems between UNIX
> > > > > boxen, and if your client is a Windoze box and the server is a
> > > > > UNIX box, you can use SAMBA to make the UNIX box look like a
> > > > > Windoze box.
> > > > >
> > > > > But if mounting an FTP dir is what you want, I believe it is
> > > > > doable, as I've heard of others in the past doing it. I just
> > > > > don't know how. :P
> > > > >
> > > > > Good luck!
> > > > > John Hebert
> > > > >
> > > > > --- Doug Riddle <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > >>Jason:
> > > > >>     A couple of things...
> > > > >>     If the server is on your lan, then you probably do not
> > > > >>have to use FTP to get to that directory.  The FTP directory is
> > > > >>just another directory on the server.  The server connects FTP
> > > > >>requests to that directory as an FTP share by default.  If you
> > > > >>can browse the server, you can probably mount that directory
> > > > >>without FTP. (It helps to be admin to do that... ;->)
> > > > >>     A switched network is still vulnerable to sniffing, the
> > > > >>nature of the switches or hubs doesn't stop a sniffer.
> > > > >>However, if your LAN is localized, and does not connect remote
> > > > >>sites, then sniffing is less likely.
> > > > >>     For what you are doing, I would suggest trying to get the
> > > > >>rights to access the server without FTP.  Barring that, you
> > > > >>might look into tcl, or Midnight Commander.  If they won't let
> > > > >>you connect to the FTP share without FTP, they probably will
> > > > >>not be happy with tcl though either.
> > > > >>
> > > > >>Doug Riddle
> > > > >>
> > > > >>--- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > > > >>
> > > > >>>Yeah, I'm looking for the convenience. Plus, I'm on the same
> > > > >>>LAN as where I am transferring these files. It is a switched
> > > > >>>network, as I understand it you shouldn't be able to sniff
> > > > >>>that out.
> > > > >>>
> > > > >>>I've done some research, it seems that vfs is what allows you
> > > > >>>to mount different filesystems to the one you are running.
> > > > >>>i.e.: fat32, ntfs, the bsd filesystem (can't remember name).
> > > > >>>Some of what I read, and what I was told before, makes me
> > > > >>>believe I should be able to mount an ftp directory as a dir on
> > > > >>>my local file system, then just save the files directly to it.
> > > > >>>Any ideas?
> > > > >>>
> > > > >>>Doug Riddle wrote:
> > > > >>>
> > > > >>>>I agree -- FTP, Telnet not to mention gopher and a few others
> > > > >>>>are going away just because of those issues.  I don't use
> > > > >>>>emacs and what I know about it would fit on the head of a
> > > > >>>>pin.  I tend to just stick with ssh2 at the bash prompt for
> > > > >>>>anything sensitive.  If I can't do it from the shell, I am
> > > > >>>>likely to use webmin.  I don't do that
> > > > >>
>=== message truncated ===
>
>=====
>Warmest Regards,
>Doug Riddle
>http://www.dougriddle.com
>
>## Firearms are second only to the Constitution in importance; they are
>the Peoples' Liberty Teeth." - George Washington ##

---
Dustin Puryear <[EMAIL PROTECTED]>
UNIX and Network Consultant
http://members.telocity.com/~dpuryear
PGP Key available at http://www.us.pgp.net
In the beginning the Universe was created. This has been
widely regarded as a bad move. - Douglas Adams
