
Re: howto set up secure ftp?

 
K.C. Chan
Trusted Contributor

howto set up secure ftp?

Gurus,
I've looked at wu-ftp, and it doesn't seem so secure, password authentication is done in plain text. Does anyone out there have any suggestions for secure ftp on the RH Linux platform? Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
Eric Ladner
Trusted Contributor
Solution

Re: howto set up secure ftp?

If other folks are going to be connecting via FTP, there really isn't one. FTP blazes the username and password across the net in clear text, just like it has for 25 years.

There is an FTP work-alike called SFTP that comes with the Secure Shell (ssh) packages. One open source distro for that is http://www.openssh.org

The downside is that to use sftp, you have to connect with sftp.

Re: howto set up secure ftp?

There really isn't a way to set up ftp in a "secure" way. Not by using standard ftp anyway. There are two options to overcome this.

1.) If you're strictly worried about usernames and passwords getting sniffed, and your environment supports it, I would recommend looking at gssftp/kerberized ftp. This is part of the krb5-workstation package from Red Hat. This way at least your username/password will not be passed as plain text.

2.) If you can't use kerberos, I recommend dumping ftp altogether and going with ssh. True, the encryption/unencryption overheads are somewhat of a burden on the host cpu(s), but other than this ssh is a wonderful tool (and with today's CPU speeds, there's really no excuse). If you're familiar with the 'r'-tools, you'll appreciate ssh. If all you want to do is transfer files and not offer a shell, look into the "scp" command. Ssh allows for use of RSA and DSA keys, so if users choose to (after reading about the security implications) they can use public/private host key pairs to move data around without ever typing in a username or password. Handy for system administrators also.

I hope this helps.
K.C. Chan
Trusted Contributor

Re: howto set up secure ftp?

Christopher, can you go over a little more about kerberos ftp? I can't use ssh because the client machine is windoze. So, can you point me to some docs on how to implement kerberos ftp? Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
Mark Fenton
Esteemed Contributor

Re: howto set up secure ftp?

Michael, actually there exist at least a couple of sftp clients for windows. I refer you to www.putty.org and www.itree.org (a graphical sftp client that uses putty as its underpinnings).

hth.

Mark

Re: howto set up secure ftp?

Well, if you want documentation about kerberos, I recommend looking at http://web.mit.edu/kerberos/www/. They are the creators of the software. Or, look at http://www.isi.edu/gost/brian/security/kerberos.html. This is a much simpler explanation.

As for the actual kerberized ftp server, I would look at /usr/share/doc/krb5-workstation-1.x.x/ and /usr/share/doc/krb5-server-1.x.x (on a Red Hat distro). Or read through the docs on the MIT page above.

After reading a little, it looks like the actual data connection via kerberized ftp can be encrypted. This could be very useful, but probably a little slower.

Oh, you can use ssh from windows. There are several programs out there, such as my favorite SecureCRT, that allow you to transfer data using "sz" and "rz". If you're supporting a large org., I would seriously look into kerberos though.

If you can't get hold of any of the red hat docs, let me know and I'll email them to you.

Good luck.

~Chris
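
Added example, not part of the original thread or written by any of its posters: the difference between plain FTP and the kerberized FTP discussed above shows up on the control channel, where plain FTP sends `USER`/`PASS` as bare commands (RFC 959) while an RFC 2228 session negotiates `AUTH GSSAPI` first and protects later commands. The Python below audits a control-channel transcript for that; both transcripts, the host name, the account and the `audit_session` helper are constructed for illustration, and it assumes the kerberized server follows the RFC 2228 reply codes.

```python
# Constructed FTP control-channel transcripts (C: client, S: server); not real captures.
PLAIN_FTP = """\
S: 220 ftp.example.test FTP server ready
C: USER kchan
S: 331 Password required for kchan
C: PASS constructed-secret
S: 230 User kchan logged in
"""

KERBERIZED_FTP = """\
S: 220 ftp.example.test FTP server ready
C: AUTH GSSAPI
S: 334 Using authentication type GSSAPI; ADAT must follow
C: ADAT <base64 token elided>
S: 235 GSSAPI Authentication succeeded
C: ENC <base64 protected command elided>
S: 632 <base64 protected reply elided>
"""


def audit_session(transcript):
    """Classify one control-channel transcript by how credentials travelled."""
    mech, secured, exposed = None, False, []
    for line in transcript.splitlines():
        side, _, payload = line.partition(": ")
        verb, _, arg = payload.partition(" ")
        if side == "S" and verb == "235":
            secured = True                      # RFC 2228: security exchange complete
        elif side == "C" and verb.upper() == "AUTH":
            mech = arg.strip().upper()          # mechanism the client asked for
        elif side == "C" and verb.upper() in ("USER", "PASS"):
            exposed.append(verb.upper())        # record the verb only, never the value
    if "PASS" in exposed:
        verdict = "cleartext-password"          # anyone on the path can read it
    elif secured:
        verdict = "protected"
    else:
        verdict = "no-login-seen"
    return {"mechanism": mech if secured else None,
            "exposed": exposed,
            "verdict": verdict}


if __name__ == "__main__":
    for name, text in (("plain", PLAIN_FTP), ("kerberized", KERBERIZED_FTP)):
        print(name, audit_session(text))
```
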