Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

setting up ftp on Mac OS X to use non standard port

Posted on 2006-11-22
6
Medium Priority
?
443 Views
Last Modified: 2013-11-13
Hello,

I currently have ftp running on a Mac OS X 10.3.9 server.  On my firewall I am port forwarding port 21 to that server and everything is working fine. I'm concerned about security and in lieu of changing to something like sftp, I'd like to use a non standard port for ftp requests. My question is what changes do I need to make to the ftp service (if any), what changes to my firewall (I'm pretty sure that I just forward my new port number to the ftp server), and finally what do my clients need to do to connect using the non standard port.  Currently, I have clients on Macs and PCs using Internet Explorer, Fetch, and WS_Ftp Pro.  There may be some other misc. clients, but I only support the ones mentioned.

Are there any other things that I need to consider before making a change like this? And do any of you have opinions about other products that I might use for a more secure ftp site?  I looked recently at a product called Rumpus - any thoughts on that?

I appreciate the help - thanks.

Elly
0
Comment
Question by:EllysP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 12

Expert Comment

by:dalesit
ID: 18000583
Security through obscurity does not help a great deal. Port scanning is done a great deal, and they will find the port, regardless of which one you are using. If you are using the ftp service provided by Max OS X server, then providing you keep up to date with security patches (using Software Update), you will be secure.

The biggest issue is that passwords are sent in clear text for default ftp. The best solution for this is to run SFTP which tunnels it over ssh. It isn't an issue if you are allowing anonymous ftp, as you don't have any sensitive passwords being sent.

Are you using this for an upload server or a download server?

What are the security issues you are concerned about?

Cheers,

Joel
0
 

Author Comment

by:EllysP
ID: 18000855
Hey Joel,

The non standard port was a suggestion from a party that we will be working with as a security measure.  I agree with you - that's probably not going to get me where I want to be but would still like to know how to set it up.
We're using the server for uploads and downloads.  The server is kept up to date with all patches.  I have a large number of people using the site and moving to sftp seems like a good solution, but it might cause a real hiccup in use - I would need special clients - correct?  (I am not allowing anonymous access.)
Although the data is not sensitive, it is important to keep the site secure to the extent that it will be available 24/7 and to keep the data from being compromised in any way.  

So what's involved in setting up sftp - what are the performance effects with the encryption?  And I'm still interested in opinions on third party ftp software - I've read that Mac OS X's implementation has issues - I'm interested in building and maintaining a solid, reliable server - so would appreciate ideas.

Thanks much,

Elly


0
 
LVL 12

Expert Comment

by:dalesit
ID: 18015948
Sftp doesn't particularly need setting up - if you enable ssh, then sftp gets enabled as well.

In terms of special clients, it can be done from the command line in Mac OS X, or you can use Interarchy, Fetch or others. For Windows there are winSCP and others.

I believe that the ftp server in Mac OS X Server is based on wu-ftpd - it was in Panther and before. This site <http://www.oreillynet.com/pub/a/mac/2005/03/04/ftp.html> gives details and also provides instructions for replacements. Many suggest using Pro-ftpd <http://www.proftpd.org/>.

Another good resource is <http://www.takecontrolbooks.com/tiger-sharing.html>

Cheers,

Joel
0
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

 

Author Comment

by:EllysP
ID: 18039499
Thanks for the info - I'll check out the links and decide which way to go.
A couple quick final questions:
I'd still like to know how to use a non standard port AND which port does sftp use - how do I ensure people are using sftp and not regular ftp?

Thanks again - Elly
0
 
LVL 12

Accepted Solution

by:
dalesit earned 750 total points
ID: 18041433
SFTP runs over an ssh tunnel, so on port 22. FTP runs on ports 20 and 21. If you aren't running an ftp server, then you won't have anyone connecting with ftp.

You set the ports up on the firewall to forward the non-standard ports to the standard ports on the server. Eg 10020-10021->20-21.

To access these ports, you can add the port information to the url

eg ftp://foo.bar:10021/pub/test.txt

In command line ftp, you add the port by putting the port at the end of the line

eg ftp foo.bar 10021

you will probably need to use passive ftp.

Cheers,

Joel
0
 

Author Comment

by:EllysP
ID: 18042315
Thanks for all the info Joel - I've got one more question and I think I'm good to go.  I set up permissions in Workgroup manager for ftp access - how do I set permissions for sftp?

Elly
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SUMMARY Enterprise backup in a heterogeneous network is a subject full of complications and restrictions. Issues such as filename & path structure, attributes and extended metadata always tend to complicate the subject to the extent where either …
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question