ftp over ssh
Hello. How correctly to adjust this miracle? :-)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp over ssh
On 11/8/06, Gorobets Igor [EMAIL PROTECTED] wrote:
> Hello. How correctly to adjust this miracle? :-)

man sftp ;-)
Re: ftp over ssh
I on ssh do the forward of port here thus ssh -L local_port:foo.com:remote_port foo.com. I should as make with ftp.

On Wed, Nov 08, 2006 at 12:59 +0300, Andrew Pantyukhin wrote:
> On 11/8/06, Gorobets Igor [EMAIL PROTECTED] wrote:
> > Hello. How correctly to adjust this miracle? :-)
>
> man sftp ;-)
Re: ftp over ssh
On 11/8/06, Gorobets Igor [EMAIL PROTECTED] wrote:
> I on ssh do the forward of port here thus ssh -L local_port:foo.com:remote_port foo.com. I should as make with ftp.

What are you talking about?

http://en.wikipedia.org/wiki/FTP_over_SSH
Re: ftp over ssh
On 11/8/06, Gorobets Igor [EMAIL PROTECTED] wrote:
> Hello. How correctly to adjust this miracle? :-)

from http://forums.serverbeach.com/archive/index.php/t-2179.html

FTP is insecure. Passwords are sent in plaintext for anyone to snoop. SFTP is secure, but to use SFTP you generally have to give a user SSH access. Which is not always desirable. So, to give a user SFTP access without SSH access, set their shell to /usr/libexec/openssh/sftp-server instead of /bin/sh or /bin/bash. If your sftp-server is not there, use locate sftp-server to find it.

In FreeBSD sftp-server is located in the /usr/libexec directory.

Another solution is to use rssh (meaning restricted ssh).

from rssh faq

Q: Why did you write this software?

A: Mainly, because the question of how to restrict access to scp or sftp only kept coming up on a few different mailing lists I was on at the time... Several people made some suggestions (like using a shell script as the user's shell) which sort of work, but aren't terribly secure or reliable. The commercial SSH product has a program to do this, but OpenSSH does not. Joe Boyle has a similar program called scponly, which at the time I looked at it had some security problems, though they have since been fixed... It does currently have some functionality that rssh does not (namely it works with WinSCP; see below), and some that it never will have (more on that in a moment). Obviously I prefer the way I've implemented my program, or else I wouldn't have written it. =8^)

I did not write this program for my own use; I do not use it today, nor have I ever (though obviously I would if the occasion arose). At the time, I was bored, and I thought this project would be amusing and educational, as well as fill a gap. Please keep this in mind when asking for support. Odds are I'll give it pretty quickly if I've got a free minute, but what you get is what you get, and I won't lose sleep over slow response time. You've been warned.

Personally I prefer the first solution from a security viewpoint because sftp-server is written by the OpenSSH team. Any comments on the above solutions are welcomed.
Re: ftp over ssh
On Wednesday 08 November 2006 04:45, Gorobets Igor wrote:
> Hello. How correctly to adjust this miracle? :-)

Assuming you have a server that is running sshd (on all interfaces) and ftpd (only on the loopback interface):

ftpclient# ssh -fnN -l 20:localhost:20 -L 21:localhost:21 [EMAIL PROTECTED]
ftpclient# ftp localhost
ftp> passive

JN
Re: ftp over ssh
On Wednesday 08 November 2006 14:12, John Nielsen wrote:
> On Wednesday 08 November 2006 04:45, Gorobets Igor wrote:
> > Hello. How correctly to adjust this miracle? :-)
>
> Assuming you have a server that is running sshd (on all interfaces) and ftpd (only on the loopback interface):
>
> ftpclient# ssh -fnN -l 20:localhost:20 -L 21:localhost:21 [EMAIL PROTECTED]
> ftpclient# ftp localhost
> ftp> passive

Typo above, -l should be -L. Also, it turns out this doesn't work beyond getting logged in without also specifying a specific range of passive ports for the ftp server to use and forwarding those through ssh as well. So as others have said, you're probably better off using sftp and/or scp, or setting up a true VPN if you're tied to traditional FTP for some reason.

JN
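
Added example, not part of the thread: a sketch of why forwarding only the control port gets the login working but not transfers in passive mode, and what forwarding a passive range looks like. The range 50000-50004, the sample 227 replies and user@server.example are constructed assumptions, and it assumes the server names its loopback address in the 227 reply.

```shell
#!/bin/sh
# In passive mode the server answers PASV with
#   227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
# and the client opens the data connection to port p1*256+p2.
# Through "ssh -L" that only works if the same port number is forwarded too.

# Print the data port announced in a 227 reply; fail on anything else.
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    echo $(( $5 * 256 + $6 ))
}

# Print the -L options for the control port plus a passive range lo..hi.
# Local and remote port numbers must match, because the client dials
# whatever port the 227 reply names.
forward_args() {
    args="-L 21:localhost:21"
    p=$1
    while [ "$p" -le "$2" ]; do
        args="$args -L $p:localhost:$p"
        p=$((p + 1))
    done
    echo "$args"
}

# Succeed when the port in reply $1 lies inside the forwarded range $2..$3.
data_port_forwarded() {
    port=$(pasv_port "$1") || return 2
    [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]
}

# Constructed sample replies, not captured from a real server.
REPLY_IN='227 Entering Passive Mode (127,0,0,1,195,80)'     # port 50000
REPLY_OUT='227 Entering Passive Mode (127,0,0,1,214,216)'   # port 55000

echo "ssh -fnN $(forward_args 50000 50004) user@server.example"
for r in "$REPLY_IN" "$REPLY_OUT"; do
    if data_port_forwarded "$r" 50000 50004; then
        echo "port $(pasv_port "$r"): data connection goes through the tunnel"
    else
        echo "port $(pasv_port "$r"): not forwarded, transfer stalls after login"
    fi
done
```

How the FTP server is told to stay inside that passive range depends on the server in use and is not shown here.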
Re: ftp over ssh
> SFTP is secure, but to use SFTP you generally have to give a user SSH access. Which is not always desirable.

Just a side remark, if you plan to give FTP over SSH access, you have to give SSH access, so this remark does not really apply here.

Bests,
Olivier
Re: How to secure ftp over SSH (how to make ftpd listen only to 127.0.0.1)?
Constantine wrote:
> Hello,
>
> I am very concerned about the security of my servers. My favourite file-management software does not support any other unix standards than plain ftp. How is it possible to set up my FreeBSD 5.2.1 that way, that it will accept ftp connections only from itself, so that iff the login to the system is done via SSH with port-forwarding, then one can open ftp-connection? (It will be very nice if in this case the username/password is not requested again, i.e. the ftp connection is anonymous and yet the ftp-client gets the same rights to files as SSH-logged user, who has the port-forwarding, but this does not sound like easy doable.)
>
> Put it in other words, how can I make ftpd listen only to 127.0.0.1?
>
> Constantine.

I've forgotten about hosts.allow; it should work as well if you don't want to use ipfw.
Re: How to secure ftp over SSH (how to make ftpd listen only to 127.0.0.1)?
Constantine wrote:
> Hello,
>
> I am very concerned about the security of my servers. My favourite file-management software does not support any other unix standards than plain ftp. How is it possible to set up my FreeBSD 5.2.1 that way, that it will accept ftp connections only from itself, so that iff the login to the system is done via SSH with port-forwarding, then one can open ftp-connection? (It will be very nice if in this case the username/password is not requested again, i.e. the ftp connection is anonymous and yet the ftp-client gets the same rights to files as SSH-logged user, who has the port-forwarding, but this does not sound like easy doable.)
>
> Put it in other words, how can I make ftpd listen only to 127.0.0.1?
>
> Constantine.

I'm not sure if this is possible to set within ftpd. I'm using classic way to block incoming FTP requests from unwanted addresses - IPFW.
How to secure ftp over SSH (how to make ftpd listen only to 127.0.0.1)?
Hello,

I am very concerned about the security of my servers. My favourite file-management software does not support any other unix standards than plain ftp. How is it possible to set up my FreeBSD 5.2.1 that way, that it will accept ftp connections only from itself, so that iff the login to the system is done via SSH with port-forwarding, then one can open ftp-connection? (It will be very nice if in this case the username/password is not requested again, i.e. the ftp connection is anonymous and yet the ftp-client gets the same rights to files as SSH-logged user, who has the port-forwarding, but this does not sound like easy doable.)

Put it in other words, how can I make ftpd listen only to 127.0.0.1?

Constantine.