
Re: [cobalt-security] Secure FTP



Eugene Crosser wrote:

>On Wed, 2003-04-02 at 19:27, FENiL PATEL wrote:
>
>>Can anyone recommend me a good way to secure FTP on RAQ4?
>>
>>I am looking for data tunnel & authentication encryption without a use
>>of third party software on client side.
>
>This can hardly be accomplished without third party software on the
>client side.  They will need to either install secure clone of FTP or
>tunnelling/VPN client.
>
There is a real EASY way ;-)

Get proftpd version 1.2.8 from http://proftpd.linux.co.uk/ and compile it.
After making a backup of /usr/sbin/proftpd, copy it there.

Change/add some lines in your /etc/proftpd.conf

like:

*** file /etc/proftpd.conf ***
. . .
ServerName                      "ProFTPD"
ServerType                      inetd
DeferWelcome                    off
DefaultServer                   on
. . .
# Port 21 is the standard FTP port.
Port                            21
. . .
<Global>
   . . .
   # Security issue about WS-FTP to accept certificates
   <IfModule mod_tls.c>
       # TLS/SSL Security Engine
        TLSEngine                       on
        TLSLog                          /var/log/auth
       # TLSProtocol directive is used to configure
       # the SSL/TLS protocol versions (SSLv3,TLSv1,SSLv23)
#        TLSProtocol                     SSLv23
        # Are clients required to use FTP over TLS when talking to this server?
        # SSL/TLS only (on), Data Channel (data), Control Channel (ctrl), or No (off)
        TLSRequired                     off
        # Server's certificate
        TLSRSACertificateFile          /usr/local/ssl/certs/ftpd-rsa.pem
        TLSRSACertificateKeyFile       /usr/local/ssl/certs/ftpd-rsa-key.pem
        TLSDSACertificateFile          /usr/local/ssl/certs/ftpd-dsa.pem
        TLSDSACertificateKeyFile       /usr/local/ssl/certs/ftpd-dsa-key.pem
   </IfModule>
  . . .
</Global>

*** file end ***

Create the certificates or maybe use some from VeriSign & Co.

Now you could use a TLS/SSL capable FTP client like WS-FTP Pro (commercial)
or the free SmartFTP v1.0 from http://www.smartftp.com ;-)

>
>But you can make them upload files over HTTPS.
>
uhhh ... possible ... but that is real ugly ;-)

>Which is probably the easiest way.  Alternatives are: install VPN server
>on your RaQ and let people establish VPN before file transferring, use
>some "secure FTP" (*), or use scp (part of ssh).
>
scp is nice ... but it's no question compared to window based ftp tools

>(*) http://www.cs.berkeley.edu/~smcpeak/SafeTP/
>    http://www.glub.com/products/secureftp/
>
>Eugene
>
regards

-- 

¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸

Götz Lohmann  |  D-Mannheim  |  Web-Developer & Sys-Admin
---------------------------------------------------------
He's the fellow that people wonder what he does and why
the company needs him, until he goes on vacation.
¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸
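
Added example, not part of the original message: a small Python audit of the mod_tls section quoted above, reporting whether plain FTP is still possible under the configured TLSRequired value. The sample configuration is constructed from the post, and the function names are hypothetical.

```python
# Constructed sample: the mod_tls section from the post (TLSLog and DSA lines omitted).
SAMPLE_CONF = """\
<Global>
  <IfModule mod_tls.c>
    TLSEngine                 on
    # TLSProtocol             SSLv23
    TLSRequired               off
    TLSRSACertificateFile     /usr/local/ssl/certs/ftpd-rsa.pem
    TLSRSACertificateKeyFile  /usr/local/ssl/certs/ftpd-rsa-key.pem
  </IfModule>
</Global>
"""

# Meaning of each TLSRequired value, following the comment in the post's config.
REQUIRED = {
    "on": "control and data channels must use TLS",
    "ctrl": "only the control channel must use TLS",
    "data": "only the data channel must use TLS",
    "off": "TLS is optional, plain FTP logins are still accepted",
}

def mod_tls_directives(conf_text):
    """Return {directive: value} for active lines inside <IfModule mod_tls.c>."""
    found, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("<ifmodule") and "mod_tls.c" in line.lower():
            inside = True
        elif line.lower().startswith("</ifmodule>"):
            inside = False
        elif inside and line and not line.startswith("#"):
            parts = line.split(None, 1)
            found[parts[0]] = parts[1] if len(parts) > 1 else ""
    return found

def audit(conf_text):
    """Return findings; absent TLSEngine/TLSRequired are assumed to default to off."""
    d = mod_tls_directives(conf_text)
    findings = []
    if d.get("TLSEngine", "off").lower() != "on":
        findings.append("TLSEngine is not on: no TLS is offered")
    req = d.get("TLSRequired", "off").lower()
    findings.append("TLSRequired %s: %s" % (req, REQUIRED.get(req, "unrecognised value")))
    if not any(k in d for k in ("TLSRSACertificateFile", "TLSDSACertificateFile")):
        findings.append("no server certificate file configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

With the settings as posted, the audit reports that TLS is offered but not enforced, so a client that does not negotiate TLS still sends its login in cleartext.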