[BBLISA] Anyone running a "secure FTP server?

Eddy Harvey bblisa2 at nedharvey.com
Thu Aug 10 15:08:05 EDT 2006


I use sftp for almost everything.

There is an excellent free sftp gui client for Windows called WinSCP.
If you change the checkbox from "norton commander" to "windows explorer
mode" then you can drag & drop files to and from the server as if you were
browsing your local file system.  Very intuitive and friendly.

Basic setup could not be easier.  You just install an ssh server, and
un-comment the line in the config file that says "subsystem sftp" or
something like that.

Question is, do you need any of the difficult configuration stuff?

For example, if you want sftp inside a jail so users can only see their own
directory.  Installing the jail might be difficult.

Also, if you want sftp available, while ssh is not available, that might be
difficult too.

If you want usernames & home directories that are not usernames &
directories on the unix/linux/windows server, that might be difficult.





> -----Original Message-----
> From: bblisa-bounces at bblisa.org 
> [mailto:bblisa-bounces at bblisa.org] On Behalf Of John Stoffel
> Sent: Thursday, August 10, 2006 12:43 PM
> To: adamm at menlo.com
> Cc: Back Bay LISA
> Subject: Re: [BBLISA] Anyone running a "secure FTP server?
> 
> 
> Adam> Is anyone running a server that supports "secure FTP" (also known
> Adam> as "SFTP," "FTPS," or "FTP over SSL") and, if so, would you be
> Adam> willing to help me debug an SFTP set-up?
> 
> I've been working at my site setting it up so our customers 
> can use sftp instead of ftp to upload/download files to our 
> server in the DMZ.  Not hard at all.
> 
> The hard part came about in getting it to work like proftpd 
> does, so that customers can only see their own 
> files/directories.  I ended up going with 'scponly' as the 
> tool and making changes to the existing setup on how we do 
> FTP for our customers.  Of course, there were complaints that 
> we're changing things and that it's "too confusing" for the 
> users.  Sigh...
> 
> See the May 2004 issue of SysAdmin magazine for more details. 
>  I've also got a writeup of what I did which might help, and 
> which I think I can share if I sanitize some details.  
> 
> Adam> My employer has a requirement to set up SFTP for data exchange
> Adam> with a partner of ours, but for security reasons that partner
> Adam> can't be especially helpful to us in getting our side configured
> Adam> correctly. (I don't mean to reflect poorly on our partner; it's
> Adam> simply that their security policies -- which are entirely
> Adam> reasonable and necessary -- prohibit them from setting up a test
> Adam> system for debugging use.)
> 
> I don't know what you mean by sftp data exchange.  Do you 
> mean people at your site will use sftp to push/pull files 
> from their sftp-server?
> Or vice versa?  Or does it have to happen both ways?
> 
> And why not just plain scp then?  Or are you like us and 
> trying to minimize the re-training of users?  
> 
> Adam> Anyway, I'd prefer to use someone's personal server, not one owned
> Adam> by an employer; security stuff is just too sensitive these days
> Adam> for me to want to risk legal problems.
> 
> Sure, but it's really easy to set up.  Esp if you just use a 
> home machine for the client side testing.  
> 
> Adam> So, if you run such a server of your own, and would be willing to
> Adam> help me with this project, I'd really appreciate it. I can't offer
> Adam> to pay you anything, nor can my employer pay you on a consulting
> Adam> basis -- but I could probably buy you dinner at my employer's
> Adam> expense. :-)
> 
> Dinner sometime would be good, but maybe out in my area of the woods?
> Marlboro?
> 
> Cheers,
> John
> 
> 
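
The restricted setup this thread discusses (users confined to their own directory, sftp available without shell access), as an added example that is not part of the original messages. It assumes an OpenSSH server that supports `ChrootDirectory` and `internal-sftp`; the group name `sftponly` and the `/srv/sftp` path are hypothetical.

```conf
# Added example for OpenSSH's sshd_config.
# The group name "sftponly" and the /srv/sftp path are assumptions.

# Basic setup: enable the sftp subsystem. The external helper's path
# varies by distribution, for example:
#   Subsystem sftp /usr/libexec/openssh/sftp-server
# The in-process server below needs no helper binary inside the jail.
Subsystem sftp internal-sftp

# Accounts in this group get sftp only, confined to their own tree.
Match Group sftponly
    # %u expands to the user name. Every component of this path must be
    # owned by root and not writable by group or others, otherwise sshd
    # refuses the session. Give each user a writable subdirectory
    # (for example /srv/sftp/<user>/upload) for their files.
    ChrootDirectory /srv/sftp/%u

    # Ignore whatever command the client requests and run sftp only,
    # so these accounts have sftp without interactive ssh.
    ForceCommand internal-sftp

    # Close the side channels an ssh login would otherwise offer.
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -t` checks the file for syntax errors before the daemon is reloaded.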



