
Re: Secure FTP

raymond lei
Occasional Contributor

Secure FTP

Hi, there:

We are using wu-ftp 2.4, and our client is considering Secure Ftp. I can see the "(Version wu-2.4(SecurID)) ready" at the ftp server login prompt. Does this mean wu-ftp supports Secure ftp as well?

As I understand, secure ftp is a part of SSH and we don't use SSH currently. If we go to Secure ftp without disabling telnet, will all of this still make sense?

Appreciate any response.
Raymondl
8 REPLIES
Shannon Petry
Honored Contributor

Re: Secure FTP

Secure FTP is a part of the OpenSSH project. wu_ftp is not secure, and is prone to buffer overflows, and other attacks.

Secure FTP may not be that different when it comes to the buffer overflows (just has not been used enough to be exploited), but has many features like encrypted login, that make it much more secure than standard FTP.

You can go to secure ftp, and since it runs on port 22 (unless you change it) you can maintain telnet, standard ftp, etc...

Remember that to use secure ftp, all of your customers will have to have the sftp client program to be able to connect. Also the other client requirements like key generators, etc...

Regards,
Shannon
Microsoft. When do you want a virus today?
Jeff Schussele
Honored Contributor

Re: Secure FTP

Hi Raymond,

It's my understanding that SecurID is an authentication process whereby the user enters a numeric "token" generated by a smartcard in the user's possession which is authenticated by a SecurID server.
This is entirely different than the sftp functionality of ssh which will encrypt all the traffic as well as authenticate the user.
So no, I wouldn't say this is "secure" ftp per se - it's a secure authentication capable product.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Alan Casey
Trusted Contributor

Re: Secure FTP

SSH is separate to telnet, so you can disable the telnet port if you like when using ssh.


raymond lei
Occasional Contributor

Re: Secure FTP

Shannon:

Thank you so much for the quick response. Does HP have the openSSH depot? If so, what is the current version? Thanks again, I will assign points later on.
Raymondl
Alan Casey
Trusted Contributor

Re: Secure FTP

Shannon Petry
Honored Contributor
Solution

Re: Secure FTP

The HP porting center has the depots you need to install it for HP-UX. The web site someone else gave is the openssh site, and may or may not have good depots for HP-UX (never tried theirs if they exist).
The porting center has other goodies as well, so make a bookmark!
http://hpux.cs.utah.edu

Have fun!
Shannon
Microsoft. When do you want a virus today?
raymond lei
Occasional Contributor

Re: Secure FTP

The secure access (ssh & sftp) and unsecure access (telnet & ftp) of the system can exist together, so it's the customer's choice to pick the way they want to use. Thanks very much for everybody's help. I will try the websites later.
Raymondl
Bill Hassell
Honored Contributor

Re: Secure FTP

You may want to use the package supplied by HP at software.hp.com. Out of the box, it will coexist with telnet/ftp and the 'r' commands (rcp, rlogin, remsh) but these can be disabled if security is a big concern. As mentioned, network connectivity using SSH tools exclusively will mean that no one can connect using the equivalents of telnet, ftp, etc. unless they have the appropriate client software. Note also that there are incompatible standards: SSH-1 and SSH-2. Some clients understand both, some do not.

So all your HP-UX (11.0 and higher) can have SSH added and they can be authenticated to talk to each other. A nice feature of SSH is the ability to preauthorize a trust relationship (user+machine) so the user no longer has to login with a password and .rhosts may (should) be removed.

Now this all sounds neat until you look at the sysadmin's responsibilities. If a user needs access to another system, the public key from the user must be generated and given to the sysadmin for installation on the new host (assuming all other methods to connect are disabled). In other words, in a truly locked-down environment, the sysadmin job just got bigger.

Before you start using SSH, get the O'Reilly book: SSH, The Secure Shell (Barrett and Silverman) and plan to spend a few evenings on the overviews.


Bill Hassell, sysadmin
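
As an added example (not part of the original thread and not HP or OpenSSH tooling): a small sh audit that lists which of the cleartext services named in this thread (telnet, ftp, and the 'r' commands) are still enabled in an inetd.conf-format file once SSH has been installed alongside them. The function names are hypothetical and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: report cleartext login/transfer services still enabled in an
# inetd.conf-format file. In inetd naming, "login" is rlogin and "shell" is
# the service behind remsh and rcp.

# Print one line per enabled service: "<service> <daemon path> <SSH replacement>"
cleartext_services() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }      # skip commented-out and short lines
        $1 == "telnet" { print $1, $6, "ssh" }
        $1 == "ftp"    { print $1, $6, "sftp" }
        $1 == "login"  { print $1, $6, "ssh" }       # rlogin
        $1 == "shell"  { print $1, $6, "ssh/scp" }   # remsh, rcp
    ' "$1"
}

# Return 0 when no cleartext service is enabled, 1 (and list them) otherwise
audit_inetd() {
    found=$(cleartext_services "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample input, written to a temp file so the script runs offline
SAMPLE=${TMPDIR:-/tmp}/inetd.sample.$$
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed inetd.conf excerpt (not from a real host)
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd telnetd
#login  stream tcp nowait root /usr/lbin/rlogind rlogind
shell   stream tcp nowait root /usr/lbin/remshd  remshd
daytime stream tcp nowait root internal
EOF

# Lists ftp, telnet and shell; login is skipped because it is commented out
audit_inetd "$SAMPLE" || echo "cleartext services are still enabled"
```

Point it at the real `/etc/inetd.conf` instead of the sample to check a host; a non-zero return means passwords can still cross the network in the clear through those services.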