For #2, I found this hint which says you have to hack the login user's
ssh shell to use the sftp server so even if they come in that way they
get the same service.
http://hints.macworld.com/article.php?story=20020913055647558
For #1, I would think that the logged in user's access is restricted
through judicious use of permissions.
I had attempted to set up regular ftp to a mac behind a firewall some
time ago and never could get it to work right. The ssh stuff seems to
work without a hitch, as far as firewalls and connections go. I just
portmap 22 on my public ip side to 22 on the mac behind the firewall. Of
course, since it was just for me, I never played with all the shell
login hackery. I imagine you would hit bandwidth constraints before any
kind of sftp server performance issues would arise.
CB
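Both questions raised in this thread (locking users into one directory, and allowing sftp on port 22 without an ssh shell) are commonly handled with an OpenSSH `Match` block. As an added example, not code from any poster here, the following checks an sshd_config for that lockdown; the group name `sftponly`, the path `/Users/sftp/%u` and both sample configs are constructed assumptions.

```python
# Added example: audit sshd_config text for an SFTP-only, chrooted group.
# Assumptions: group "sftponly", chroot path /Users/sftp/%u. Not checked here:
# sshd needs the chroot path root-owned and not writable by group or others.
REQUIRED = {
    "chrootdirectory": None,  # any path: confines the session to that tree
    "forcecommand": "internal-sftp",  # SFTP only, never a login shell
    "allowtcpforwarding": "no",  # no tunnelling through port 22
    "x11forwarding": "no",
}

WEAK = "Subsystem sftp /usr/libexec/sftp-server\n"  # constructed sample
HARDENED = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /Users/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""  # constructed sample

def match_blocks(text):
    """Map each Match line's criteria to the keywords set inside that block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = (line.split(None, 1) + [""])[:2]
        if keyword.lower() == "match":
            current = blocks.setdefault(" ".join(value.lower().split()), {})
        elif current is not None:
            current.setdefault(keyword.lower(), value.strip())  # first value wins
    return blocks

def audit_sftp_only(text, group="sftponly"):
    """Return findings; an empty list means the group's block is locked down."""
    block = match_blocks(text).get(f"group {group.lower()}")
    if block is None:
        return [f"no 'Match Group {group}' block found"]
    findings = []
    for key, want in REQUIRED.items():
        have = block.get(key)
        if have is None or (key == "chrootdirectory" and have.lower() == "none"):
            findings.append(f"{key} is not set")
        elif want is not None and have.lower().split()[:1] != [want]:
            findings.append(f"{key} is '{have}', expected '{want}'")
    return findings

if __name__ == "__main__":
    print(audit_sftp_only(WEAK), audit_sftp_only(HARDENED))
```

After editing the real file, `sshd -t` validates its syntax before the daemon is restarted.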
On 1/5/14 1:05 PM, Paul Erkens wrote:
Hi Chris B,
I was investigating sftp a while ago, but I gave up because I did not find
it to work properly for me. In my case, any user was able to do a cd .. and get
into folders all over my system. Is the sftp daemon in osx to be taken
seriously? Can I use it to do a functional server for some 75 or more users
that I once had on my old ftp server? These were my issues with it:
1. Users can get to all of the files on the serving mac, because I didn't find
a way to lock them into their, or just a, specific home directory. You don't
want everybody who wants radio plays from you, to download all private folders.
Can I prevent that?
2. That port 22 thing is still a mystery to me. Can I open port 22, so that a
user can get into my sftp server, but cannot log in using ssh and mess with my
system? I don't get that yet.
Regards,
Paul.
On Jan 3, 2014, at 5:36 PM, Chris Blouch <[email protected]> wrote:
Depends on which vintage of OSX you are running. FTP was dropped from the
sharing control panel a while ago but some variant of
sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist
will get it going again. The port issue will still exist along with security
problems with FTP in general. It's been a while since I checked into this but
in addition to opening port 21, once the connection is established the FTP
server will do all future connections through one or more other ports chosen
from a pool of available ports, usually ports 1024-5000. So you have to have in
and out traffic allowed on all those ports in your firewall, which is why
security people frown on FTP. sftp only needs port 22, which is the same port
as ssh. Also ftp sends all text in the clear such as usernames and passwords
while sftp encrypts everything. Just some stuff to google and think about. If
you're just doing this on your own internal network the sftp advantages
disappear.
CB
On 1/3/14 8:16 AM, Kjsc Radio wrote:
There are two ways to enable it. One is to go into the terminal and type in
a command which I forgot at the moment. But the other one is to go into the
server app if you have it. And that can also enable the service.
Sent from my iPhone
On 2 Jan 2014, at 2:20 pm, Chris Blouch <[email protected]> wrote:
Are you sure you want to do ftp and not sftp? ftp requires rather large swaths
of ports to be opened before it will work. How did you enable ftp on your mac?
CB
On 12/29/13 9:55 AM, Kjsc Radio wrote:
Hello, I am thinking about setting up an FTP server using the server on Mac.
I've done this before, but I have failed, due to incorrect port forwarding. I
have forwarded port 21 and other ports to make the FTP server work. But when one
of my other machines connects to the network via FTP, it doesn't want to allow
the connection. Are there any other ports that I should forward?
Sent from my iPhone
--
¯\_(ツ)_/¯
--
You received this message because you are subscribed to the Google Groups
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/macvisionaries.
For more options, visit https://groups.google.com/groups/opt_out.