[BBLISA] Anyone running a "secure FTP" server?

John Stoffel john at stoffel.org
Thu Aug 10 12:42:45 EDT 2006


Adam> Is anyone running a server that supports "secure FTP" (also
Adam> known as "SFTP," "FTPS," or "FTP over SSL") and, if so, would
Adam> you be willing to help me debug an SFTP set-up?

I've been working at my site setting it up so our customers can use
sftp instead of ftp to upload/download files to our server in the
DMZ.  Not hard at all.

The hard part came about in getting it to work like proftpd does, so
that customers can only see their own files/directories.  I ended up
going with 'scponly' as the tool and making changes to the existing
setup on how we do FTP for our customers.  Of course, there were
complaints that we're changing things and that it's "too confusing"
for the users.  Sigh...

See the May 2004 issue of SysAdmin magazine for more details.  I've
also got a writeup of what I did which might help, and which I think I
can share if I sanitize some details.  

Adam> My employer has a requirement to set up SFTP for data exchange
Adam> with a partner of ours, but for security reasons that partner
Adam> can't be especially helpful to us in getting our side configured
Adam> correctly. (I don't mean to reflect poorly on our partner; it's
Adam> simply that their security policies -- which are entirely
Adam> reasonable and necessary -- prohibit them from setting up a test
Adam> system for debugging use.)

I don't know what you mean by sftp data exchange.  Do you mean people
at your site will use sftp to push/pull files from their sftp-server?
Or vice versa?  Or does it have to happen both ways?

And why not just plain scp then?  Or are you like us and trying to
minimize the re-training of users?  

Adam> Anyway, I'd prefer to use someone's personal server, not one
Adam> owned by an employer; security stuff is just too sensitive these
Adam> days for me to want to risk legal problems.

Sure, but it's really easy to set up.  Esp. if you just use a home
machine for the client side testing.  

Adam> So, if you run such a server of your own, and would be willing
Adam> to help me with this project, I'd really appreciate it. I can't
Adam> offer to pay you anything, nor can my employer pay you on a
Adam> consulting basis -- but I could probably buy you dinner at my
Adam> employer's expense. :-)

Dinner sometime would be good, but maybe out in my area of the woods?
Marlboro?

Cheers,
John



