Solved

secure ftp

Posted on 2002-07-23
11
303 Views
Last Modified: 2013-12-27
Hi,

One of my solaris machine is put in internet.
from my intranet i want to give ftp access to two users.

What will be the BEST way of providing secure FTP.
Note..this machine will be in internet.

Can you give ur suggestions.?


msnr
0
Comment
Question by:msnr
  • 4
  • 2
  • 2
  • +3
11 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
Do you need to grant them actual FTP access, or simply allow them to access their own files?

If the latter, I suggest installing OpenSSH (bundled with Solaris 9) and configuring their accounts so they can use sftp and nothing else.
0
 
LVL 1

Author Comment

by:msnr
Comment Utility
hi...
even iam thinking about that....
can u breif me the config steps...

meanwhile others....anyother suggestions.?


msnr
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 100 total points
Comment Utility
Getting OpenSSH is pretty easy - you can download source from www.openssh.com

The configuration is a bit trickier if you want these people to be SFTP-only.

I'm pretty sure you can do this by using command="..." in authorized_keys so the SFTP deamon is automatically envoked when they authenticate (and don't forget that the user shouldn't be able to write their authorized_keys file so they can't change it).

Don't know the exact details, though.
0
 
LVL 2

Expert Comment

by:LeeMiller
Comment Utility
One way to do this is to create a user with a shell that doesnt exist.  Example-- create the two users, and edit the /etc/passwd file to a default shell that doesnt exist
(eg. bin/foop).  The users will get their own file space but will not be able to connect through telnet(when trying to do so the new user without a default shell will get an error message that states that "NO Shell - Connection lost to foreign host)
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
I don't know if this works for ssh, though.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 1

Expert Comment

by:billwcc
Comment Utility
Here's a possible answer for you.  If I understand you correctly, you want to securely transfer files.

Using ssh, you could use scp (secure copy) instead of ftp.  scp works just like rcp, but the transfer is encrypted.  

Solaris 9 comes with ssh; I think Solaris 8 did too.  Hope this is of some help.
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
Wow, that answer is exacly what I said three days ago! You must be phychic!
0
 
LVL 1

Expert Comment

by:billwcc
Comment Utility
Jeez, I feel like an idiot.  Sorry about that.  After reading several
of these questions, one can forget who has said what.

And I agree with your answer, ssh is the way to go.
0
 
LVL 1

Author Comment

by:msnr
Comment Utility
Thanks all...
i know ssh is secure ftp....i have asked configurations also.....

anyhow iam closing this....
0
 
LVL 20

Expert Comment

by:tfewster
Comment Utility
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- Answered by chris_calabrese

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
0
 

Expert Comment

by:SpideyMod
Comment Utility
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now