Solved

secure ftp

Posted on 2002-07-23
11
306 Views
Last Modified: 2013-12-27
Hi,

One of my solaris machine is put in internet.
from my intranet i want to give ftp access to two users.

What will be the BEST way of providing secure FTP.
Note..this machine will be in internet.

Can you give ur suggestions.?


msnr
0
Comment
Question by:msnr
  • 4
  • 2
  • 2
  • +3
11 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7172030
Do you need to grant them actual FTP access, or simply allow them to access their own files?

If the latter, I suggest installing OpenSSH (bundled with Solaris 9) and configuring their accounts so they can use sftp and nothing else.
0
 
LVL 1

Author Comment

by:msnr
ID: 7173422
hi...
even iam thinking about that....
can u breif me the config steps...

meanwhile others....anyother suggestions.?


msnr
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 100 total points
ID: 7174923
Getting OpenSSH is pretty easy - you can download source from www.openssh.com

The configuration is a bit trickier if you want these people to be SFTP-only.

I'm pretty sure you can do this by using command="..." in authorized_keys so the SFTP deamon is automatically envoked when they authenticate (and don't forget that the user shouldn't be able to write their authorized_keys file so they can't change it).

Don't know the exact details, though.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:LeeMiller
ID: 7175219
One way to do this is to create a user with a shell that doesnt exist.  Example-- create the two users, and edit the /etc/passwd file to a default shell that doesnt exist
(eg. bin/foop).  The users will get their own file space but will not be able to connect through telnet(when trying to do so the new user without a default shell will get an error message that states that "NO Shell - Connection lost to foreign host)
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7175321
I don't know if this works for ssh, though.
0
 
LVL 1

Expert Comment

by:billwcc
ID: 7179862
Here's a possible answer for you.  If I understand you correctly, you want to securely transfer files.

Using ssh, you could use scp (secure copy) instead of ftp.  scp works just like rcp, but the transfer is encrypted.  

Solaris 9 comes with ssh; I think Solaris 8 did too.  Hope this is of some help.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7180782
Wow, that answer is exacly what I said three days ago! You must be phychic!
0
 
LVL 1

Expert Comment

by:billwcc
ID: 7181974
Jeez, I feel like an idiot.  Sorry about that.  After reading several
of these questions, one can forget who has said what.

And I agree with your answer, ssh is the way to go.
0
 
LVL 1

Author Comment

by:msnr
ID: 7181982
Thanks all...
i know ssh is secure ftp....i have asked configurations also.....

anyhow iam closing this....
0
 
LVL 21

Expert Comment

by:tfewster
ID: 8003375
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- Answered by chris_calabrese

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
0
 

Expert Comment

by:SpideyMod
ID: 8065846
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question