[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: safest ftp server?



On the same point as secure, how would you chroot the scp connection? 
I know I can chroot the normal ftp server by adding the user name to
the /etc/ftpchroot file, but apparently scp doesn't allow that.  I have
the ssh "telnet" blocked by adding exit to the end of the .profile, and
chmod to no write access and chown to root.wheel .  I want it to be a
per user thing, because when I log in as an admin through ssh, I want
full access (duh)




--- "David S." <dgjs_(_at_)_acm_(_dot_)_org> wrote:
> On Fri, Mar 02, 2001 at 01:20:08PM -0800, McKevitt, Larry wrote:
> > Hello, All:
> > what's the most secure ftp server?  
> 
> Just what do you mean by "secure"?  One could argue that the FTP
> protocol is inherently insecure, since it allows clear-text
> password authentication and un-encrypted data transfers.  To
> avoid those problems, you need some sort of augmented FTP server.
> There are a number of them: SafeTP, SRP telnet, Kerber-ized telnet,
> SSL/TLS telnet, sftp (which isn't "really" FTP, but scp).
> 
> If you're not worried about insecure authentication or data 
> transfers, and you just want a secure implementation of the FTP 
> protocol that (you hope) won't allow any nasty exploits, how
> about OpenBSD's FTP?  Run it with anonymous-only access, and 
> it's probably about as secure as ordinary FTP is going to get.
> 
> > and if there's no 
> > such thing, how can i start and stop ftpd so 
> > that it runs for an hour or two per day?  thanks.
> 
> Turn off FTP in 'inetd.conf' and run it in daemon mode from 'cron';
> man ftpd(8), man cron(8), man crontab(1).
> 
> > -larry
> 
> David S.
> 
> 


=====
Peter Hessler
<yodadoa_(_at_)_yahoo_(_dot_)_com>

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/