Re[2]: [WBEL-users] Where to start with an SSH server ?
Mickael Maddison
Mickael Maddison <mike@kamloopsbc.com>
Tue, 2 Nov 2004 08:45:19 -0800
Hello!
Some companies are promoting SSH servers that offer per-user directory controls for SFTP, something along the lines of what we do now with FTP.
Does anyone know if/how we can achieve that result?
Mike
Tuesday, November 2, 2004, 6:48:34 AM, you wrote:
BJW> On Tue, 2 Nov 2004, Jean Lee wrote:
>> Hello,
>>
>> I want to implement a corporate ftp server using ssh.
>> Is OpenSSH a good choice ?
>> Do I have to use sshd or sshd_ftpserver ?
>> Where can I find a good documentation and tutorial for it ? I'm new and
>> I would like to understand how it works and not only how to use it.
>>
>> More generally, I am quite new to the network, file sharing over internet
>> and security problems and I would like to understand the differences
>> between FTP, SSH, TLS secured FTP, Kerberos, S/Keys, VPN, (Why not FTP
>> over VPN if it exists) and all the others that I don't know.... Is
>> there any existing documentation which explains the general usage of
>> these protocols and makes a comparison of usage, security and the
>> application (and why not make a comparison of available binaries for each)?
>> Yes I know : I ask a lot :) but I'm a bit lost with all these abbreviations.
>>
>> Thanks for any help,
BJW> Jean,
BJW> The ssh (Secure SHell) daemon that comes with Redhat and Whitebox linux
BJW> also handles sftp (Secure File Transfer Protocol) and scp (Secure CoPy)
BJW> protocol. sftp is a good way to securely move or copy files back and
BJW> forth across a network.
BJW> The major problem with ftp is that the user name and password are sent "in
BJW> the clear", meaning non-encrypted. This means that anybody running a
BJW> sniffer on the network can get your user name and password, as well as
BJW> whatever files you're transmitting or receiving.
BJW> sftp encrypts the user name, password, and the file data, so you should be
BJW> safe. And the beauty of it is, you won't have to install any new software
BJW> on your linux box, as it comes installed by default!
BJW> You *do* need to make two changes to the configuration file, to make sure
BJW> that your ssh daemon is secure. You'll need to open /etc/ssh/sshd_config
BJW> and find the line that looks like:
BJW> # Protocol 2,1
BJW> and change it to look like
BJW> Protocol 2
BJW> This is because ssh protocol 1 has serious flaws and is insecure.
BJW> The other line that you should change is:
BJW> # PermitRootLogin yes
BJW> and change it to look like
BJW> PermitRootLogin no
BJW> This will keep out folks trying to hack your root login over the internet.
BJW> Once you've made these two changes and saved them, restart your ssh daemon
BJW> with the command:
BJW> service sshd restart
BJW> And you should be set.
BJW> WinSCP is a very good Windows sftp/scp client that I use all the time to
BJW> access my linux server. It's great for copying files, and can be found
BJW> at:
BJW> http://winscp.sourceforge.net/eng/
BJW> About the best ssh client (basically a secure telnet replacement) is
BJW> called PuTTY, and can be found at:
BJW> http://www.chiark.greenend.org.uk/~sgtatham/putty/
BJW> These are my favorite ways of accessing my server securely.
BJW> Hope this helps!
BJW> Ben
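An added example, not part of the original messages: a shell check that an sshd_config carries the two settings described in Ben's reply (Protocol 2 only, PermitRootLogin no). The function names and the sample files are constructed for illustration, and the check assumes one keyword and value per line, separated by whitespace.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two edits from the message.

# Print the value in effect for keyword $1 in file $2: the first uncommented
# occurrence (sshd uses the first value it reads; keywords are case-insensitive).
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }    # commented-out line, so not in effect
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Return 0 only if Protocol is exactly 2 and PermitRootLogin is no.
# A keyword that is missing or commented out counts as a failure, because
# the daemon then falls back to its built-in default.
audit_sshd_config() {
    file=$1 rc=0
    proto=$(sshd_value Protocol "$file")
    root=$(sshd_value PermitRootLogin "$file")
    if [ "$proto" != "2" ]; then
        echo "FAIL Protocol: '${proto:-unset}' (want 2)"; rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin: '${root:-unset}' (want no)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $file"
    return "$rc"
}

# Constructed samples: the stock lines quoted in the message, then the edited ones.
demo() {
    dir=$(mktemp -d)
    printf '# Protocol 2,1\n# PermitRootLogin yes\n' > "$dir/stock"
    printf 'Protocol 2\nPermitRootLogin no\n' > "$dir/edited"
    audit_sshd_config "$dir/stock" || echo "stock config still needs the two edits"
    audit_sshd_config "$dir/edited"
    rm -rf "$dir"
}
demo
```

To check a live system, call `audit_sshd_config /etc/ssh/sshd_config` before running `service sshd restart`.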