Re: ftp server
- To: Ishai Parasol <ishai-iglu(at-nospam)parasol.org.il>
- Subject: Re: ftp server
- From: "Nadav Har'El" <nyh(at-nospam)math.technion.ac.il>
- Date: Thu, 23 Aug 2001 16:52:09 +0300
- Cc: Linux - IL Mailing List <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- Hebrew-Date: 4 Elul 5761
- In-Reply-To: <000801c12bd7$cecd2b40$0201a8c0@parasol>; from ishai-iglu@parasol.org.il on Thu, Aug 23, 2001 at 04:30:37PM +0300
- References: <000801c12bd7$cecd2b40$0201a8c0@parasol>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mutt/1.2i
On Thu, Aug 23, 2001, Ishai Parasol wrote about "ftp server":
> I'm going to run an ftp server on my RH just for personal use (downloading
> files from work) without an anonymous login. I would like to get
> recommendations for a simple and safe server.
>
> A question: I'd like to know if using a simple ftp server (without ssh stuff)
> is dangerous like login with telnet (I'm talking about the password problem)?

You hit the nail right on the head. If you allow ftp for real users (as
opposed to anonymous ftp) there's a problem with the password being sent
clear-text over the internet. If it is sniffed, someone can later "telnet"
or "ssh" to this real account (if such servers are running) or even "ftp"
in to install trojans.

To solve this problem, consider one of the following two solutions:

1. Copy files from work using scp.
2. Copy files using either anonymous ftp, or better: a "guest account"
(search for guestgroup in the ftpaccess manual). Anonymous ftp is the
simplest but not easy to control other people abusing it.

Guest accounts are like named anonymous ftp accounts: they have a password
(so that it isn't as trivial to connect to as anonymous ftp, and can work
for multiple users) but these are separate from the real users and can't
be used to log in. Also, guest accounts are put in a chroot jail (like
anonymous ftp) so if someone infiltrates one (easy, because the passwords
are still easy to sniff), it won't get them anywhere. Warning: these guest
accounts are not easy to set up, but ftpaccess(5) explains how to do it.

P.S. Pop3 and Telnet have exactly the same unencrypted-password problem. So
if you're using one of these to the same machine, don't worry too much about
having an unencrypted ftp password - you're screwed anyway ;)

--
Nadav Har'El | Thursday, Aug 23 2001, 4 Elul 5761
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |A messy desk is a sign of a messy mind.
http://nadav.harel.org.il |An empty desk is a sign of an empty mind.
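
Added example, not part of the original message: a small Python audit that flags the cleartext USER/PASS logins discussed above in captured FTP and POP3 client commands, without ever keeping the password. The record format `(session_id, dst_port, client_line)`, the function name and the sample lines are assumptions constructed for illustration.

```python
"""Flag cleartext USER/PASS logins in captured FTP and POP3 client commands."""

# Ports of the cleartext protocols named in the message (Telnet is not
# line-command based, so it is out of scope for this sketch).
CLEARTEXT_PORTS = {21: "ftp", 110: "pop3"}
ANONYMOUS_NAMES = {"anonymous", "ftp"}


def audit_cleartext_logins(records):
    """records: iterable of (session_id, dst_port, client_line).

    Returns one finding per PASS command seen on a cleartext port.
    The password itself is never stored or returned.
    """
    pending_user = {}   # session_id -> user name from the last USER command
    findings = []
    for session_id, port, line in records:
        proto = CLEARTEXT_PORTS.get(port)
        if proto is None:
            continue    # e.g. port 22: ssh/scp payload is encrypted
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()     # commands are case-insensitive
        if verb == "USER":
            pending_user[session_id] = arg.strip()
        elif verb == "PASS":
            user = pending_user.pop(session_id, "<unknown>")
            anonymous = proto == "ftp" and user.lower() in ANONYMOUS_NAMES
            findings.append({
                "session": session_id,
                "protocol": proto,
                "user": user,
                "risk": "low (anonymous)" if anonymous else "password exposed",
            })
    return findings


# Constructed sample input, not real traffic.
SAMPLE = [
    (1, 21, "USER alice\r\n"),
    (1, 21, "PASS example-password\r\n"),
    (2, 21, "user anonymous\r\n"),
    (2, 21, "pass guest@example.org\r\n"),
    (3, 110, "USER alice\r\n"),
    (3, 110, "PASS example-password\r\n"),
    (4, 22, "SSH-2.0-OpenSSH\r\n"),
]

if __name__ == "__main__":
    for finding in audit_cleartext_logins(SAMPLE):
        print(finding)
```

Any account reported as "password exposed" should be treated as compromised-on-the-wire and moved to scp or to a chrooted guest account that cannot log in elsewhere.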