Re: FTP Access


Subject: Re: FTP Access
From: Jon Reynolds (jonr@destar.net)
Date: Mon Oct 28 2002 - 22:43:17 AKST


On Mon, 2002-10-28 at 22:36, James Zuelow wrote:
>
> On 28 Oct 2002 22:17:03 -0900
> "Jon Reynolds" <jonr@destar.net> wrote:
>
> >
> > I am now needing to setup ftp access to one of my servers. I have heard
> > horror stories of how insecure it is and am thinking of using sftp. Is
> > this the recommended way of of doing ftp nowadays and what are some of
> > the security issues to watch out for while granting this kind of access?
> >
> > Jon
> >
> sftp is part of the OpenSSH suite (probably the regular SSH as well, although I've only used OpenSSH myself) - it isn't intended for anonymous use like a public ftp server is, rather sftp simplifies file transfer for ssh clients. It uses the same authentication mechanism that ssh does, so you would have to set up an account for each person who will be connecting to your server.
>
> If you have a limited number of people who need ftp access, and these people would have a shell account on your machine anyway, sftp would be a good solution. If you need public (anonymous) ftp access, then it won't work. In the latter case, the only thing you can do is be very careful with how you set up your ftp server. Choose the right daemon, chroot your clients, etc.
>
> Cheers,
>
> James

I will have probably just two people whom I know and trust that will
need access to my server. I want them to only have access to particular
folders and nothing else, so sftp doesn't sound like what I need. And
what is the right daemon and how do I chroot them, I've never done this
before, so you don't have to explain it all out to me if you don't want
to, maybe just point me to a good doc on the web. But if your feeling
particularly generous, I wouldn't mind an explanation. ;)

And thanks James for your help with the virtual domains, you totally
cleared up my confusions.

Jon

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Mon Oct 28 2002 - 22:43:00 AKST