Solved

setting up ftp on Mac OS X to use non standard port

Posted on 2006-11-22
6
428 Views
Last Modified: 2013-11-13
Hello,

I currently have ftp running on a Mac OS X 10.3.9 server.  On my firewall I am port forwarding port 21 to that server and everything is working fine. I'm concerned about security and in lieu of changing to something like sftp, I'd like to use a non standard port for ftp requests. My question is what changes do I need to make to the ftp service (if any), what changes to my firewall (I'm pretty sure that I just forward my new port number to the ftp server), and finally what do my clients need to do to connect using the non standard port.  Currently, I have clients on Macs and PCs using Internet Explorer, Fetch, and WS_Ftp Pro.  There may be some other misc. clients, but I only support the ones mentioned.

Are there any other things that I need to consider before making a change like this? And do any of you have opinions about other products that I might use for a more secure ftp site?  I looked recently at a product called Rumpus - any thoughts on that?

I appreciate the help - thanks.

Elly
0
Comment
Question by:EllysP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Expert Comment

by:dalesit
ID: 18000583
Security through obscurity does not help a great deal. Port scanning is done a great deal, and they will find the port, regardless of which one you are using. If you are using the ftp service provided by Max OS X server, then providing you keep up to date with security patches (using Software Update), you will be secure.

The biggest issue is that passwords are sent in clear text for default ftp. The best solution for this is to run SFTP which tunnels it over ssh. It isn't an issue if you are allowing anonymous ftp, as you don't have any sensitive passwords being sent.

Are you using this for an upload server or a download server?

What are the security issues you are concerned about?

Cheers,

Joel
0
 

Author Comment

by:EllysP
ID: 18000855
Hey Joel,

The non standard port was a suggestion from a party that we will be working with as a security measure.  I agree with you - that's probably not going to get me where I want to be but would still like to know how to set it up.
We're using the server for uploads and downloads.  The server is kept up to date with all patches.  I have a large number of people using the site and moving to sftp seems like a good solution, but it might cause a real hiccup in use - I would need special clients - correct?  (I am not allowing anonymous access.)
Although the data is not sensitive, it is important to keep the site secure to the extent that it will be available 24/7 and to keep the data from being compromised in any way.  

So what's involved in setting up sftp - what are the performance effects with the encryption?  And I'm still interested in opinions on third party ftp software - I've read that Mac OS X's implementation has issues - I'm interested in building and maintaining a solid, reliable server - so would appreciate ideas.

Thanks much,

Elly


0
 
LVL 12

Expert Comment

by:dalesit
ID: 18015948
Sftp doesn't particularly need setting up - if you enable ssh, then sftp gets enabled as well.

In terms of special clients, it can be done from the command line in Mac OS X, or you can use Interarchy, Fetch or others. For Windows there are winSCP and others.

I believe that the ftp server in Mac OS X Server is based on wu-ftpd - it was in Panther and before. This site <http://www.oreillynet.com/pub/a/mac/2005/03/04/ftp.html> gives details and also provides instructions for replacements. Many suggest using Pro-ftpd <http://www.proftpd.org/>.

Another good resource is <http://www.takecontrolbooks.com/tiger-sharing.html>

Cheers,

Joel
0
On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

 

Author Comment

by:EllysP
ID: 18039499
Thanks for the info - I'll check out the links and decide which way to go.
A couple quick final questions:
I'd still like to know how to use a non standard port AND which port does sftp use - how do I ensure people are using sftp and not regular ftp?

Thanks again - Elly
0
 
LVL 12

Accepted Solution

by:
dalesit earned 250 total points
ID: 18041433
SFTP runs over an ssh tunnel, so on port 22. FTP runs on ports 20 and 21. If you aren't running an ftp server, then you won't have anyone connecting with ftp.

You set the ports up on the firewall to forward the non-standard ports to the standard ports on the server. Eg 10020-10021->20-21.

To access these ports, you can add the port information to the url

eg ftp://foo.bar:10021/pub/test.txt

In command line ftp, you add the port by putting the port at the end of the line

eg ftp foo.bar 10021

you will probably need to use passive ftp.

Cheers,

Joel
0
 

Author Comment

by:EllysP
ID: 18042315
Thanks for all the info Joel - I've got one more question and I think I'm good to go.  I set up permissions in Workgroup manager for ftp access - how do I set permissions for sftp?

Elly
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SUMMARY Enterprise backup in a heterogeneous network is a subject full of complications and restrictions. Issues such as filename & path structure, attributes and extended metadata always tend to complicate the subject to the extent where either …
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question