Bug#436053: sftp at port 115 is not the secure file transfer protocol
Package: fail2ban Version: 0.8.0-4 The ssh and ssh-ddos sections in /etc/fail2ban/jail.conf have port = ssh,sftp. However, secure ftp runs over port 22 like regular ssh. (Instead of starting an interactive session after authentication, the sftp client requests the sftp module.) Port 115 is the Simple File Transfer Protocol[1], which is marked by the IETF as historic[2]. Please consider adjusting the default configuration to only specify port = ssh for these sections. [1] http://www.ietf.org/rfc/rfc913.txt [2] ftp://ftp.isi.edu/in-notes/rfc-index.txt -- Paul Collins Wellington, New Zealand Dag vijandelijk luchtschip de huismeester is dood -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#436053: sftp at port 115 is not the secure file transfer protocol
Thank you for the information, but what harm really it does banning 'historic' sftp as well... I don't see any bug in this. On Sun, 05 Aug 2007, Paul Collins wrote: Package: fail2ban Version: 0.8.0-4 The ssh and ssh-ddos sections in /etc/fail2ban/jail.conf have port = ssh,sftp. However, secure ftp runs over port 22 like regular ssh. (Instead of starting an interactive session after authentication, the sftp client requests the sftp module.) Port 115 is the Simple File Transfer Protocol[1], which is marked by the IETF as historic[2]. Please consider adjusting the default configuration to only specify port = ssh for these sections. [1] http://www.ietf.org/rfc/rfc913.txt [2] ftp://ftp.isi.edu/in-notes/rfc-index.txt -- Yaroslav Halchenko Research Assistant, Psychology Department, Rutgers-Newark Student Ph.D. @ CS Dept. NJIT Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#436053: sftp at port 115 is not the secure file transfer protocol
Yaroslav Halchenko [EMAIL PROTECTED] writes: Thank you for the information, but what harm really it does banning 'historic' sftp as well... I don't see any bug in this. I feel it is always best not to surprise the user. I was certainly surprised when I found fail2ban banning services unrelated to the services I had told it to ban. It is by no means a serious bug, so please feel free to tag it wontfix. Regards, -- Paul Collins Wellington, New Zealand Dag vijandelijk luchtschip de huismeester is dood -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
