Re: [cobalt-security] Secure FTP
- Subject: Re: [cobalt-security] Secure FTP
- From: Goetz Lohmann <goetz.lohmann@xxxxxx>
- Date: Wed, 02 Apr 2003 20:15:06 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Eugene Crosser wrote:
>On Wed, 2003-04-02 at 19:27, FENiL PATEL wrote:
>
>>Can anyone recommend me a good way to secure FTP on RAQ4?
>>
>>I am looking for data tunnel & authentication encryption without the use
>>of third party software on client side.
>>
>
>This can hardly be accomplished without third party software on the
>client side. They will need to either install a secure clone of FTP or
>a tunnelling/VPN client.
>
There is a real EASY way ;-)
Get proftpd version 1.2.8 from http://proftpd.linux.co.uk/ and compile it.
After making a backup of /usr/sbin/proftpd, copy it there.
Change/add some lines in your /etc/proftpd.conf,
like:
*** file /etc/proftpd.conf ***
. . .
ServerName "ProFTPD"
ServerType inetd
DeferWelcome off
DefaultServer on
. . .
# Port 21 is the standard FTP port.
Port 21
. . .
<Global>
. . .
# Security issue about WS-FTP to accept certificates
<IfModule mod_tls.c>
# TLS/SSL Security Engine
TLSEngine on
TLSLog /var/log/auth
# TLSProtocol directive is used to configure
# the SSL/TLS protocol versions (SSLv3,TLSv1,SSLv23)
# TLSProtocol SSLv23
# Are clients required to use FTP over TLS when talking to this server?
# SSL/TLS only (on), Data Channel (data), Control Channel (ctrl), or No (off)
TLSRequired off
# Server's certificate
TLSRSACertificateFile /usr/local/ssl/certs/ftpd-rsa.pem
TLSRSACertificateKeyFile /usr/local/ssl/certs/ftpd-rsa-key.pem
TLSDSACertificateFile /usr/local/ssl/certs/ftpd-dsa.pem
TLSDSACertificateKeyFile /usr/local/ssl/certs/ftpd-dsa-key.pem
</IfModule>
. . .
</Global>
*** file end ***
Create the certificates or maybe use some from VeriSign & Co.
Now you could use a TLS/SSL-capable FTP client like WS-FTP Pro (commercial)
or the free SmartFTP v1.0 from http://www.smartftp.com ;-)
>
>But you can make them upload files over HTTPS.
>
uhhh ... possible ... but that is real ugly ;-)
>Which is probably the easiest way. Alternatives are: install VPN server
>on your RaQ and let people establish VPN before file transferring, use
>some "secure FTP" (*), or use scp (part of ssh).
>
scp is nice ... but it's no question compared to window based ftp tools
>(*) http://www.cs.berkeley.edu/~smcpeak/SafeTP/
> http://www.glub.com/products/secureftp/
>
>Eugene
>
>
>
regards
--
¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸
Götz Lohmann | D-Mannheim | Web-Developer & Sys-Admin
---------------------------------------------------------
He's the fellow that people wonder what he does and why
the company needs him, until he goes on vacation.
¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸
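
An added example, not part of the original message or of ProFTPD: a small audit of the mod_tls directives shown above that reports whether the configuration actually forces encrypted sessions. The function names and the sample text are constructed for illustration, and the check assumes an absent TLSRequired behaves like `off`.

```python
# Constructed sample: the active mod_tls lines from the message's proftpd.conf.
SAMPLE_CONF = """\
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/auth
# TLSProtocol SSLv23
TLSRequired off
TLSRSACertificateFile /usr/local/ssl/certs/ftpd-rsa.pem
TLSRSACertificateKeyFile /usr/local/ssl/certs/ftpd-rsa-key.pem
</IfModule>
"""

# What each TLSRequired value listed in the config comments leaves optional.
REQUIRED_GAPS = {
    "off": "TLSRequired off: clients may still log in and transfer in cleartext",
    "ctrl": "TLSRequired ctrl: only the control channel must use TLS",
    "data": "TLSRequired data: only the data channel must use TLS",
}

def tls_directives(conf_text):
    """Return {lowercased directive: value} for uncommented TLS* lines."""
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.split(None, 1)
        if parts and parts[0].lower().startswith("tls"):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def audit_tls(conf_text):
    """List reasons the config does not force encrypted FTP sessions."""
    d = tls_directives(conf_text)
    if d.get("tlsengine", "off").lower() != "on":
        return ["TLSEngine is not on: the server offers no TLS at all"]
    findings = []
    required = d.get("tlsrequired", "off").lower()  # assumption: absent means off
    if required in REQUIRED_GAPS:
        findings.append(REQUIRED_GAPS[required])
    elif required != "on":
        findings.append("TLSRequired %s: not one of on/data/ctrl/off" % required)
    proto = d.get("tlsprotocol", "").split()
    if "SSLv3" in proto or "SSLv23" in proto:
        findings.append("TLSProtocol permits SSLv3, which is deprecated")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_CONF):
        print(finding)
```

Run against the configuration as posted, it reports the `TLSRequired off` line: TLS is offered, but a client that never asks for it still sends its password in cleartext.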