topic Re: secure ftp in Operating System - HP-UX

secure ftp

Paul T. Green — Wed, 07 Mar 2001 13:48:25 GMT

I am interested in implementing a secure method for ftp'ing files into one our prod. servers without trusting it. Someone mentioned ftppro, but have been unable to find a copy of it. Does HP recommend any particular one? Any ideas. Thanx in adv.

Re: secure ftp

BOSCHIAN Xavier — Wed, 07 Mar 2001 14:08:46 GMT

What about ssh (www.ssh.org) and sftp ?

Re: secure ftp

Paul T. Green — Wed, 07 Mar 2001 14:37:44 GMT

Xavier, ssh is more of a general internet
IP spoofing, IP source routing, DNS spoofing,
manipulation of data, and attacks based on listening to X authentication data and spoofed connection to the X11- server type app. I am not sure that I want to get into heavy configurations.
What is HP's take on SSH?
SFTP 0.9.6 is still working on bug fixes. Don't want to use it!

Re: secure ftp

Ian Cameron — Thu, 08 Mar 2001 15:29:10 GMT

We are using proftpd-1.2.0pre9 for the simple reason that I can lock down users to whatever level of access I wish very easily with the config files. You can download precompiled libs or source code from:

http://eigen.ee.ualberta.ca/hppd/hpux/Networking/FTP/proftpd-1.2.0pre9/

Hope this helps.

Re: secure ftp

Brian Markus — Thu, 08 Mar 2001 17:44:56 GMT

We also use proftpd, Are you concerned with people sniffing flat text passwords or concerned with what the users get access to? If your only focus is what they get access to, definately use proftpd. If it's the secure network issue, use the ssh product. In proftpd you can specify which ip address can access your box, what directory appears to be their home, what access to files (rwx), what access to directorys (remove/list). It's very flexiable and customizable. The syntax in the conf file looks a lot like HTML. It's very easy to setup, and it includes examples.
Hope that helps..

Brian.

Re: secure ftp

Jerry L. Anderson — Tue, 13 Mar 2001 18:46:46 GMT

We use scp (Secure Copy Program) instead of ftp for non-interactive file transfers. scp is part of the ssh bundle. The version we use is from OpenSSH (http://www.openssh.com) which runs fine under HP-UX. You can also download it precompiled from one of the HP-UX porting sites.

To make it work in batch mode for root we use the /.shosts file (gives host level root equivalency which is a risk). For command line work any valid user account can use it.

The pluses to us are the fact that the userid/password is never sent un-encrypted, and each host has a digital signature so it automagically verifies that you are talking to the host you think you're talking to.

There is some complexity, but just starting with the defaults will give you 99% of what you are looking for.

Re: secure ftp

Paul T. Green — Wed, 14 Mar 2001 16:53:46 GMT

Ian,

I've been trying to implement proftpd on a test server and have come accross a few glitches... please contact me at frank.quinteros@unistudios.com would like to ask a few questions...