• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

secure ftp

Hi,

One of my solaris machine is put in internet.
from my intranet i want to give ftp access to two users.

What will be the BEST way of providing secure FTP.
Note..this machine will be in internet.

Can you give ur suggestions.?


msnr
0
msnr
Asked:
msnr
  • 4
  • 2
  • 2
  • +3
1 Solution
 
chris_calabreseCommented:
Do you need to grant them actual FTP access, or simply allow them to access their own files?

If the latter, I suggest installing OpenSSH (bundled with Solaris 9) and configuring their accounts so they can use sftp and nothing else.
0
 
msnrAuthor Commented:
hi...
even iam thinking about that....
can u breif me the config steps...

meanwhile others....anyother suggestions.?


msnr
0
 
chris_calabreseCommented:
Getting OpenSSH is pretty easy - you can download source from www.openssh.com

The configuration is a bit trickier if you want these people to be SFTP-only.

I'm pretty sure you can do this by using command="..." in authorized_keys so the SFTP deamon is automatically envoked when they authenticate (and don't forget that the user shouldn't be able to write their authorized_keys file so they can't change it).

Don't know the exact details, though.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
LeeMillerCommented:
One way to do this is to create a user with a shell that doesnt exist.  Example-- create the two users, and edit the /etc/passwd file to a default shell that doesnt exist
(eg. bin/foop).  The users will get their own file space but will not be able to connect through telnet(when trying to do so the new user without a default shell will get an error message that states that "NO Shell - Connection lost to foreign host)
0
 
chris_calabreseCommented:
I don't know if this works for ssh, though.
0
 
billwccCommented:
Here's a possible answer for you.  If I understand you correctly, you want to securely transfer files.

Using ssh, you could use scp (secure copy) instead of ftp.  scp works just like rcp, but the transfer is encrypted.  

Solaris 9 comes with ssh; I think Solaris 8 did too.  Hope this is of some help.
0
 
chris_calabreseCommented:
Wow, that answer is exacly what I said three days ago! You must be phychic!
0
 
billwccCommented:
Jeez, I feel like an idiot.  Sorry about that.  After reading several
of these questions, one can forget who has said what.

And I agree with your answer, ssh is the way to go.
0
 
msnrAuthor Commented:
Thanks all...
i know ssh is secure ftp....i have asked configurations also.....

anyhow iam closing this....
0
 
tfewsterCommented:
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- Answered by chris_calabrese

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
0
 
SpideyModCommented:
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now