[Techtalk] sharing files - ssh and ftp
Rasjid Wilcox
rasjidw at openminddev.net
Sun May 4 11:45:20 EST 2003
Kim,
So what you want is that users are unable to (easily) discover the names of
other users on the system. For what you want, my SFTP solution will not
work, since users can still traverse up into /home and see the names of other
users.
I suspect that this is very hard if you are giving someone shell access, but
should be possible if you are just giving FTP access. So, I would agree with
Maria, you are really after a ftp-server, and having spent a little time
configuring proftpd, I would recommend it as being easy to configure. I
believe it is also seen as fairly secure whilst still maintaining flexibility.
The proftpd site has lots of good info, including a doc on configuring FTP
over SSH.
The key question is whether your ftp server is behind a firewall doing NAT or
has a public IP address.
From a quick look at the docs, if your server has its own public IP address,
then you should be able to set up SSL/TLS support with proftpd. I think it
gets much harder if your ftp server is behind a NAT firewall. In this case,
you may need an ftp proxy, but ftp proxies that support ssl/tls seem to be a
bit thin on the ground.
A good place to start on the whole SSL/TLS for FTP thing is
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html. Also see
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
I spent quite a lot of time looking at all this a few years ago, and came up
with a SSH / Ftp Proxy / FTP server solution. However it is a little complex
for the average user, and due to limitations in PuTTY was somewhat unstable
on Windows. The whole TLS FTP thing seems to have progressed somewhat since
then, and is probably the way to go, but I can send you details (offlist) of
what I did if you like.
Cheers,
Rasjid.
--
Rasjid Wilcox
Canberra, Australia UTC + 10
http://www.openminddev.net
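
As an added example (not part of the original message, and not taken from the ProFTPD documents linked above), a proftpd.conf fragment along the lines the post describes: users confined to their own home directory so the names under /home are not visible, TLS required, and a fixed passive port range for the NAT case. The certificate paths, log path and public address are placeholder assumptions.

```apache
# Added illustration, not from the original post.
# Paths and the address below are placeholders.

# Jail each user in their own home directory, so /home (and the
# other account names in it) cannot be reached from an FTP session.
DefaultRoot ~

# Fixed passive data port range. With TLS the control channel is
# encrypted, so a NAT firewall cannot read PASV replies and open
# ports on the fly; it has to forward this range statically.
PassivePorts 49152 65534

# Only needed behind NAT: the public address to advertise in PASV
# replies. 203.0.113.10 is a documentation-range placeholder.
MasqueradeAddress 203.0.113.10

<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log
  TLSRSACertificateFile /etc/proftpd/ssl/server.crt
  TLSRSACertificateKeyFile /etc/proftpd/ssl/server.key
  # Refuse plaintext logins and plaintext data transfers.
  TLSRequired on
</IfModule>
```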