[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] secFTP not working on Qube2
- Subject: Re: [cobalt-security] secFTP not working on Qube2
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Thu, 26 Oct 2000 15:03:15 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Tue, 24 Oct 2000, Jeff Lovell wrote:
> Mike Vanecek wrote:
> >
> > Active and passive work if using non-secure session.
> >
> > Both passive and active are broken for me if I do a ssh1 session (using the
> > openssh 2.1.1 install from Cobalt). Using the latest version of SecureCRT to
> > establish the port forwarding. I have not tried a ssh2 session.
> >
> > I have sent you the logs in a private message.
> >
> > I would be a happy camper if either one worked via ssh.
>
> This is working for me.
>
> Add the following directive to your /etc/proftpd.conf file:
>
> AllowForeignAddress on
>
> Here are the details from proftpd:
> http://www.proftpd.net/docs/configuration.html#AllowForeignAddress
Note that by doing this you allow 'bounce' attacks (but then, if you deny
anonymous access this shouldn't really be much of a problem), and at any
rate forwarding ftp thru ssh leaves the actual data
unencrypted. Passwords are exchanged over a secure channel, though.