Solved

setting up ftp on Mac OS X to use non standard port

Posted on 2006-11-22
413 Views
Last Modified: 2013-11-13
Hello,

I currently have ftp running on a Mac OS X 10.3.9 server.  On my firewall I am port forwarding port 21 to that server and everything is working fine. I'm concerned about security and in lieu of changing to something like sftp, I'd like to use a non standard port for ftp requests. My question is what changes do I need to make to the ftp service (if any), what changes to my firewall (I'm pretty sure that I just forward my new port number to the ftp server), and finally what do my clients need to do to connect using the non standard port.  Currently, I have clients on Macs and PCs using Internet Explorer, Fetch, and WS_Ftp Pro.  There may be some other misc. clients, but I only support the ones mentioned.

Are there any other things that I need to consider before making a change like this? And do any of you have opinions about other products that I might use for a more secure ftp site?  I looked recently at a product called Rumpus - any thoughts on that?

I appreciate the help - thanks.

Elly
Question by:EllysP

Expert Comment

by:dalesit
Security through obscurity does not help a great deal. Port scanning is done a great deal, and they will find the port, regardless of which one you are using. If you are using the ftp service provided by Mac OS X Server, then providing you keep up to date with security patches (using Software Update), you will be secure.

The biggest issue is that passwords are sent in clear text for default ftp. The best solution for this is to run SFTP which tunnels it over ssh. It isn't an issue if you are allowing anonymous ftp, as you don't have any sensitive passwords being sent.

Are you using this for an upload server or a download server?

What are the security issues you are concerned about?

Cheers,

Joel

Author Comment

by:EllysP
Hey Joel,

The non standard port was a suggestion from a party that we will be working with as a security measure.  I agree with you - that's probably not going to get me where I want to be but would still like to know how to set it up.
We're using the server for uploads and downloads.  The server is kept up to date with all patches.  I have a large number of people using the site and moving to sftp seems like a good solution, but it might cause a real hiccup in use - I would need special clients - correct?  (I am not allowing anonymous access.)
Although the data is not sensitive, it is important to keep the site secure to the extent that it will be available 24/7 and to keep the data from being compromised in any way.  

So what's involved in setting up sftp - what are the performance effects with the encryption?  And I'm still interested in opinions on third party ftp software - I've read that Mac OS X's implementation has issues - I'm interested in building and maintaining a solid, reliable server - so would appreciate ideas.

Thanks much,

Elly



Expert Comment

by:dalesit
Sftp doesn't particularly need setting up - if you enable ssh, then sftp gets enabled as well.

In terms of special clients, it can be done from the command line in Mac OS X, or you can use Interarchy, Fetch or others. For Windows there are WinSCP and others.

I believe that the ftp server in Mac OS X Server is based on wu-ftpd - it was in Panther and before. This site <http://www.oreillynet.com/pub/a/mac/2005/03/04/ftp.html> gives details and also provides instructions for replacements. Many suggest using ProFTPD <http://www.proftpd.org/>.

Another good resource is <http://www.takecontrolbooks.com/tiger-sharing.html>

Cheers,

Joel

Author Comment

by:EllysP
Thanks for the info - I'll check out the links and decide which way to go.
A couple quick final questions:
I'd still like to know how to use a non standard port AND which port does sftp use - how do I ensure people are using sftp and not regular ftp?

Thanks again - Elly

Accepted Solution

by:
dalesit earned 250 total points
SFTP runs over an ssh tunnel, so on port 22. FTP runs on ports 20 and 21. If you aren't running an ftp server, then you won't have anyone connecting with ftp.

You set the ports up on the firewall to forward the non-standard ports to the standard ports on the server, e.g. 10020-10021 -> 20-21.

To access these ports, you can add the port information to the URL,

e.g. ftp://foo.bar:10021/pub/test.txt

In command-line ftp, you add the port by putting the port at the end of the line,

e.g. ftp foo.bar 10021

You will probably need to use passive FTP.

Cheers,

Joel
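
Added example, not part of the original thread: in passive mode the server's `227` reply names the address and port the client must open for the data connection, so forwarding only the control port is not sufficient. This sketch parses that reply (RFC 959 format) and flags a private advertised address or a data port outside the forwarded range; the range and the sample replies are constructed assumptions.

```python
import ipaddress
import re

# Assumption: passive data ports the firewall forwards to the FTP server,
# in addition to the control port (hypothetical values).
FORWARDED_PASV_RANGE = range(50000, 50011)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    match = _TUPLE.search(reply)
    if match is None:
        raise ValueError("no address tuple in reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in reply: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port is sent as two bytes, high byte first
    return host, port


def check_pasv(reply, forwarded=FORWARDED_PASV_RANGE):
    """List the problems a client outside the firewall would hit with this reply."""
    host, port = parse_pasv(reply)
    problems = []
    addr = ipaddress.ip_address(host)
    if any(addr in net for net in RFC1918):
        problems.append("server advertises private address %s" % host)
    if port not in forwarded:
        problems.append("data port %d is not forwarded" % port)
    return problems


# Constructed sample replies, as a client would see them on the control connection.
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,10,195,80)",  # internal address leaks through NAT
    "227 Entering Passive Mode (203,0,113,5,195,85)",   # public address, port in range
    "227 Entering Passive Mode (203,0,113,5,4,1)",      # port 1025, outside the range
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_pasv(line) or "ok")
```
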

Author Comment

by:EllysP
Thanks for all the info Joel - I've got one more question and I think I'm good to go.  I set up permissions in Workgroup manager for ftp access - how do I set permissions for sftp?

Elly