• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3254
  • Last Modified:

RHEL 5 FTP software question

For Red Hat Enterprise Linux 5, what is a good secure FTP solution that will integrate with e-mail and avoid having the customer use a third-party client to authenticate to upload and download files through a chroot jail? The ideal solution would be to have a secure web-based interface that I could easily integrate into an existing site without alot of hassle, where the secure session is initiated through an e-mail sent to the client. However, I'm finding mostly expensive convoluted enterprise solutions or low-end anonymous FTP daemons. Each customer is unique, and I don't want to simply have a file dump for everyone to see. Yes, I have tried WebDAV on the Microsoft end, but even that seems too complicated for some people, any suggestions?
0
dburk1
Asked:
dburk1
1 Solution
 
WizRd-LinuxCommented:
By default vsftpd locks users in a chrooted jail in their own home directory.  You could easily then have a webpage that "connects" to the ftp to upload and download files as required.  To "secure" the website you will need an SSL cert, either paid or self generated.  Paid will stop the issue of annoying popups saying the website is insecure.

As for integration with email, I'm not entirely sure what you are trying to achieve there..
0
 
dburk1Author Commented:
What I mean by e-mail is something akin to one of the many ftp sites and services out there where you can send an e-mail with a link that somehow has a unique key that permits the connection for that session. Would I be able to use a standard Microsoft web browser to connect to vsftp using SSL? I know v6 didn't like it in file mode. I would then have no problem paying for a certificate in that case. I was also looking sftp with SSH, but chroot jail is a pain to configure and you need an SSH capable ftp client. Please let me know if I'm off on this.

0
 
arrkerr1024Commented:
I've never seen an email that had a link to an FTP site, it is always a HTTP site - for very good reason.  This is sooo easy to do with a simple web app in any language (probably php in your case).   Does it have to be FTP?

If it absolutely has to be FTP, you could try ProFTPD and use mysql authentication.  You could then use an app to generate the emails and also add the username/pass to the database and configure ProFTPD to have whatever security/jails you want.  I believe some people have gotten this to work with SSL as well, but I haven't ever tried.

HTTP is the way to go for this unless you have a really good reason not to - you're talking a few hours of programming vs. a world of pain figuring it out with ftp.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Tackle projects and never again get stuck behind a technical roadblock.
Join Now