Solved

setting up ftp on Mac OS X to use non standard port

Posted on 2006-11-22
Last Modified: 2013-11-13
Hello,

I currently have ftp running on a Mac OS X 10.3.9 server.  On my firewall I am port forwarding port 21 to that server and everything is working fine. I'm concerned about security and in lieu of changing to something like sftp, I'd like to use a non standard port for ftp requests. My question is what changes do I need to make to the ftp service (if any), what changes to my firewall (I'm pretty sure that I just forward my new port number to the ftp server), and finally what do my clients need to do to connect using the non standard port.  Currently, I have clients on Macs and PCs using Internet Explorer, Fetch, and WS_Ftp Pro.  There may be some other misc. clients, but I only support the ones mentioned.

Are there any other things that I need to consider before making a change like this? And do any of you have opinions about other products that I might use for a more secure ftp site?  I looked recently at a product called Rumpus - any thoughts on that?

I appreciate the help - thanks.

Elly
0
Question by:EllysP
6 Comments
 
LVL 12

Expert Comment

by:dalesit
ID: 18000583
Security through obscurity does not help a great deal. Port scanning is done a great deal, and they will find the port, regardless of which one you are using. If you are using the ftp service provided by Mac OS X Server, then providing you keep up to date with security patches (using Software Update), you will be secure.

The biggest issue is that passwords are sent in clear text for default ftp. The best solution for this is to run SFTP which tunnels it over ssh. It isn't an issue if you are allowing anonymous ftp, as you don't have any sensitive passwords being sent.

Are you using this for an upload server or a download server?

What are the security issues you are concerned about?

Cheers,

Joel
0
 

Author Comment

by:EllysP
ID: 18000855
Hey Joel,

The non standard port was a suggestion from a party that we will be working with as a security measure.  I agree with you - that's probably not going to get me where I want to be but would still like to know how to set it up.
We're using the server for uploads and downloads.  The server is kept up to date with all patches.  I have a large number of people using the site and moving to sftp seems like a good solution, but it might cause a real hiccup in use - I would need special clients - correct?  (I am not allowing anonymous access.)
Although the data is not sensitive, it is important to keep the site secure to the extent that it will be available 24/7 and to keep the data from being compromised in any way.  

So what's involved in setting up sftp - what are the performance effects with the encryption?  And I'm still interested in opinions on third party ftp software - I've read that Mac OS X's implementation has issues - I'm interested in building and maintaining a solid, reliable server - so would appreciate ideas.

Thanks much,

Elly


0
 
LVL 12

Expert Comment

by:dalesit
ID: 18015948
Sftp doesn't particularly need setting up - if you enable ssh, then sftp gets enabled as well.

In terms of special clients, it can be done from the command line in Mac OS X, or you can use Interarchy, Fetch or others. For Windows there are WinSCP and others.

I believe that the ftp server in Mac OS X Server is based on wu-ftpd - it was in Panther and before. This site <http://www.oreillynet.com/pub/a/mac/2005/03/04/ftp.html> gives details and also provides instructions for replacements. Many suggest using ProFTPD <http://www.proftpd.org/>.

Another good resource is <http://www.takecontrolbooks.com/tiger-sharing.html>

Cheers,

Joel
0

 

Author Comment

by:EllysP
ID: 18039499
Thanks for the info - I'll check out the links and decide which way to go.
A couple quick final questions:
I'd still like to know how to use a non standard port AND which port does sftp use - how do I ensure people are using sftp and not regular ftp?

Thanks again - Elly
0
 
LVL 12

Accepted Solution

by:
dalesit earned 250 total points
ID: 18041433
SFTP runs over an ssh tunnel, so on port 22. FTP runs on ports 20 and 21. If you aren't running an ftp server, then you won't have anyone connecting with ftp.

You set the ports up on the firewall to forward the non-standard ports to the standard ports on the server, e.g. 10020-10021 -> 20-21.

To access these ports, you can add the port information to the URL, e.g.

ftp://foo.bar:10021/pub/test.txt

In command line ftp, you add the port by putting the port at the end of the line, e.g.

ftp foo.bar 10021

You will probably need to use passive ftp.

Cheers,

Joel
0
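
Why passive mode interacts with the port forwarding described in the accepted answer: in passive mode the server's 227 reply names the address and port the client must open for the data connection, so behind a forwarding firewall both have to be reachable from outside, not just the control port. This is an added example, not part of the original thread; the function names, public address, forwarded data-port range and sample replies are constructed assumptions.

```python
import ipaddress
import re

# Six decimal fields h1,h2,h3,h4,p1,p2 as defined for PASV in RFC 959.
_PASV_RE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (...)' reply."""
    if not reply.startswith("227"):
        raise ValueError("not a PASV success reply: %r" % reply)
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError("no host/port tuple in reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in reply: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]   # p1 is the high byte, p2 the low byte
    return host, port


def passive_problems(reply, public_ip, forwarded_ports):
    """List reasons an outside client cannot open the data connection."""
    # public_ip and forwarded_ports describe the firewall (assumed values).
    host, port = parse_pasv(reply)
    problems = []
    if host != public_ip:
        kind = "private" if ipaddress.ip_address(host).is_private else "different"
        problems.append("server advertises %s address %s, not %s"
                        % (kind, host, public_ip))
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded by the firewall" % port)
    return problems


# Constructed sample replies; addresses come from private/documentation ranges.
PUBLIC_IP = "203.0.113.10"
FORWARDED = range(50000, 50101)
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,10,195,149)",  # inside address
    "227 Entering Passive Mode (203,0,113,10,195,150)",  # reachable
    "227 Entering Passive Mode (203,0,113,10,234,96)",   # port not forwarded
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", passive_problems(line, PUBLIC_IP, FORWARDED) or "ok")
```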
 

Author Comment

by:EllysP
ID: 18042315
Thanks for all the info Joel - I've got one more question and I think I'm good to go.  I set up permissions in Workgroup manager for ftp access - how do I set permissions for sftp?

Elly
0
