Re: ftp over ssh
On 11/8/06, Gorobets Igor [EMAIL PROTECTED] wrote: Hello. How correctly to adjust this miracle? :-) man sftp ;-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp over ssh
I on ssh do the forward of port here thus ssh -L local_port:foo.com:remote_port foo.com. I should as make with ftp. On Wed, Nov 08, 2006 at 12:59 +0300, Andrew Pantyukhin wrote: On 11/8/06, Gorobets Igor [EMAIL PROTECTED] wrote: Hello. How correctly to adjust this miracle? :-) man sftp ;-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp over ssh
On 11/8/06, Gorobets Igor [EMAIL PROTECTED] wrote: I on ssh do the forward of port here thus ssh -L local_port:foo.com:remote_port foo.com. I should as make with ftp. What are you talking about? http://en.wikipedia.org/wiki/FTP_over_SSH ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp over ssh
On 11/8/06, Gorobets Igor [EMAIL PROTECTED] wrote: Hello. How correctly to adjust this miracle? :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] from http://forums.serverbeach.com/archive/index.php/t-2179.html FTP is insecure. Passwords are sent in plaintext for anyone to snoop. SFTP is secure, but to use SFTP you generally have to give a user SSH access. Which is not always desirable. So, to give a user SFTP access without SSH access, set their shell to /usr/libexec/openssh/sftp-server instead of /bin/sh or /bin/bash. If your sftp-server is not there, use locate sftp-server to find it. in freebsd sftp-server is located in the /usr/libexec directory. another solution is to use rssh (meaning restricted ssh) from rssh faq Q: Why did you write this software? A: Mainly, because the question of how to restrict access to scp or sftp only kept coming up on a few different mailing lists I was on at the time... Several people made some suggestions (like using a shell script as the user's shell) which sort of work, but aren't terribly secure or reliable. The commercial SSH product has a program to do this, but OpenSSH does not. Joe Boyle has a similar program called scponly, which at the time I looked at it had some security problems, though they have since been fixed... It does currently have some functionality that rssh does not (namely it works with WinSCP; see below), and some that it never will have (more on that in a moment). Obviously I prefer the way I've implemented my program, or else I wouldn't have written it. =8^) I did not write this program for my own use; I do not use it today, nor have I ever (though obviously I would if the occasion arose). At the time, I was bored, and I thought this project would be amusing and educational, as well as fill a gap. Please keep this in mind when asking for support. Odds are I'll give it pretty quickly if I've got a free minute, but what you get is what you get, and I won't loose sleep over slow response time. You've been warned. personaly i prefer the first solution from a security viewpoint because sftp-server is writen by the openssh team. Any Comments on the above solutions are welcomed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp over ssh
On Wednesday 08 November 2006 04:45, Gorobets Igor wrote: Hello. How correctly to adjust this miracle? :-) Assuming you have a server that is running sshd (on all interfaces) and ftpd (only on the loopback interface): ftpclient# ssh -fnN -l 20:localhost:20 -L 21:localhost:21 [EMAIL PROTECTED] ftpclient# ftp localhost ftp passive JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp over ssh
On Wednesday 08 November 2006 14:12, John Nielsen wrote: On Wednesday 08 November 2006 04:45, Gorobets Igor wrote: Hello. How correctly to adjust this miracle? :-) Assuming you have a server that is running sshd (on all interfaces) and ftpd (only on the loopback interface): ftpclient# ssh -fnN -l 20:localhost:20 -L 21:localhost:21 [EMAIL PROTECTED] ftpclient# ftp localhost ftp passive Typo above, -l should be -L. Also, it turns out this doesn't work beyond getting logged in without also specifying a specific range of passive ports for the ftp server to use and forwarding those through ssh as well. So as others have said, you're probably better off using sftp and/or scp, or setting up a true VPN if you're tied to traditional FTP for some reason. JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ftp over ssh
SFTP is secure, but to use SFTP you generally have to give a user SSH access. Which is not always desirable. Just a side remark, if you plan to give FTP over SSH access, you have to give SSH access, so this remark does not really apply here. Bests, Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]