- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Sftp query
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-03-2004 04:17 PM
тАО03-03-2004 04:17 PM
Sftp query
My question is how do I generate a certificate in the first instance to send to the folk who own the ftp server who will in turn send me back a newly generated certificate. Second question is what do I then do with this certificate.
As you've gathered I'm slightly confused with the steps in configuring sftp.
- Tags:
- sftp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-03-2004 04:21 PM
тАО03-03-2004 04:21 PM
Re: Sftp query
http://www.google.com/url?sa=U&start=1&q=http://www.orionserver.com/docs/ssl.html&e=747
http://www.google.com/url?sa=U&start=10&q=http://nicgrabhosting.nicgrab.com/Part5/SSL.htm&e=747
http://www.ssl.org
http://www.modssl.org
sftp doesn't really use these certificates but I suppose you could force it.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-03-2004 06:41 PM
тАО03-03-2004 06:41 PM
Re: Sftp query
You don't need to exchange certificates, that is mostly used when signing email.
Your ssh server (sshd) has generated it's own certificate, the first time someone connects to it he/she has to manually accept it.
So, when you connect to the remote sftp server, you might need to accept a certificate once, but that's probably not even required. The traffic would be encrypted from the start and you should be able to log in and transfer files.
HTH,
Robert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2004 08:27 PM
тАО03-04-2004 08:27 PM
Re: Sftp query
PKI certificates can be used in a number of ways. SSH uses a public/private key pair simply to ensure that converstations can be encrypted, and to ensure that parties are who they claim to be. However, the major problem is that the first time you connect to a host you are given the option of accepting their key, and thus taking it as being the way of checking their identity. If you were to accept this key from a trojaned host, then you would forever accept them as the real host.
PKI when used in email uses a construction known as an X.509 format certificate. This certificate has been constructed in such a way that it is bound to the rightful owner, and cannot be changed, or used by an imposter, without you being able to detect it. For an in-depth explanation of this process see www.verisign.com.
SSL (Secure Sockets Layer) is a component of many "secure" network services, though it is also completely invisible to the end-user, therefore I wouldn't really worry about it.
To generate a public/private key pair for use with ssh/scp, or sftp, use:
ssh-keygen -t rsa
and then send the remote user the ~/.ssh/id_rsa.pub file. They can then set up their system so that you can access it (as this user) without a password.
If you want them to access your system (for a particular user) get them to send you their id_rsa.pub file and append it to your ~/.ssh/authorized_keys file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2004 02:30 AM
тАО03-08-2004 02:30 AM
Re: Sftp query
By installing OpenSSH, you get "ftp over ssh". If you want a server that supports "ftp over ssl" then -- AFAIK -- you'll need to buy one. Anyone know of an opensource FTP+SSL server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2004 06:01 PM
тАО03-13-2004 06:01 PM
Re: Sftp query
If you are into FTP over SSL, give stunnel a try.
http://www.stunnel.org/examples/ftp.html
However, considering the limitations tunneling FTP over SSL, i.e. you need to cater for both FTP CONTROl and FTP DATA traffic, you are much better off using SFTP (FTP over SSH).
There is no need for certificates. Trust relationship using public/private key pairs should suffice such that secure FTP can be performed via automated scripts or cron jobs without passwords being entered.
Hope this helps. Regards.
Steven Sim Kok Leong