Hi Chris B, I've been investigating sftp a while ago, but I gave up because I did not find it to work properly for me. In my case, any user was able to do a cd .. and get into folders all over my system. Is the sftp daemon in osx to be taken seriously? Can I use it to do a functional server for some 75 or more users that I once had on my old ftp server? These were my issues with it:
1. Users can get to all of the files on the serving mac, because I didn't find a way to lock them into their, or just a, specific home directory. You don't want everybody who wants radio plays from you, to download all private folders. Can I prevent that? 2. That port 22 thing is still a mystery to me. Can I open port 22, so that a user can get into my sftp server, but cannot log in using ssh and mess with my system? I don't get that yet. Regards, Paul. On Jan 3, 2014, at 5:36 PM, Chris Blouch <cblo...@aol.com> wrote: > Depends on which vintage of OSX you are running. FTP was dropped from the > sharing control panel a while ago but some variant of > > sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist > > will get it going again. The port issue will still exist along with security > problems with FTP in general. It's been a while since I checked into this but > in addition to opening port 21, once the connection is established the FTP > server will do all future connections through one or more other ports chosen > from a pool of available ports, usually ports 1024-5000. So you have to have > in and out traffic allowed on all those ports in your firewall, which is why > security people frown on FTP. sftp only needs port 22, which is the same port > as ssh. Also ftp sends all text in the clear such as usernames and passwords > while sftp encrypts everything. Just some stuff to google and think about. If > you're just doing this on your own internal network the sftp advantages > disappear. > > CB > > On 1/3/14 8:16 AM, Kjsc Radio wrote: >> >> There is two ways to enable it. One is to go in to the terminal and type >> in a command which I forgot at the moment. But the other one is, to go in >> to the server app if you have it. And that can also enable the service. >> Sent from my iPhone >> >>> On 2 Jan 2014, at 2:20 pm, Chris Blouch <cblo...@aol.com> wrote: >>> >>> Are you sure you want to do ftp and not sftp? ftp requires rather large >>> swaths of ports to be opened before it will work. How did you enable ftp on >>> your mac? >>> >>> CB >>> >>>> On 12/29/13 9:55 AM, Kjsc Radio wrote: >>>> Hello, I am thinking about setting up an FTP server using the server on >>>> Mac. I've done this before, but I have failed. Due to incorrect Port >>>> forwarding, I have forward ports 21 and other ports to make the FTP server >>>> work. But when one of my other machines connects to the network via FTP, >>>> it doesn't want to allow the connection. Is there any other ports that I >>>> should forward? >>>> >>>> Sent from my iPhone >>> -- >>> ¯\_(ツ)_/¯ >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "MacVisionaries" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to macvisionaries+unsubscr...@googlegroups.com. >>> To post to this group, send email to macvisionaries@googlegroups.com. >>> Visit this group at http://groups.google.com/group/macvisionaries. >>> For more options, visit https://groups.google.com/groups/opt_out. > > -- > ¯\_(ツ)_/¯ > > -- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to macvisionaries+unsubscr...@googlegroups.com. > To post to this group, send email to macvisionaries@googlegroups.com. > Visit this group at http://groups.google.com/group/macvisionaries. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com. To post to this group, send email to macvisionaries@googlegroups.com. Visit this group at http://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/groups/opt_out.
