Re[2]: [WBEL-users] Where to start with an SSH server ?

Mickael Maddison <mike@kamloopsbc.com>
Tue, 2 Nov 2004 08:45:19 -0800


Hello!

Some companies are promoting SSH servers that offer per-user directory controls for SFTP, something along the lines of what we do now with FTP.
Does anyone know if/how we can achieve that result?

Mike

Tuesday, November 2, 2004, 6:48:34 AM, you wrote:

BJW> On Tue, 2 Nov 2004, Jean Lee wrote:

>> Hello,
>> 
>> I want to implement a corporate ftp server using ssh.
>> Is OpenSSH a good choice ?
>> Do I have to use sshd or sshd_ftpserver ?
>> Where can I find a good documentation and tutorial for it ? I'm new and
>> I would like to understand how it works and not only how to use it.
>> 
>> More generally, I am quite new to the network, file sharing over internet
>> and security problems and I would like to understand the differences
>> between FTP, SSH, TLS secured FTP, Kerberos, S/Keys, VPN, (Why not FTP
>> over VPN if it exists) and all the others that I don't know.... Is
>> there any existing documentation which explains the general usage of
>> these protocols and makes a comparison of usage, security and the
>> application (and why not make a comparison of available binaries for each)?
>> Yes I know : I ask a lot :) but I'm a bit lost with all these abbreviations.
>> 
>> Thanks for any help,

BJW> Jean,

BJW> The ssh (Secure SHell) daemon that comes with Redhat and Whitebox linux
BJW> also handles sftp (Secure File Transfer Protocol) and scp (Secure CoPy)
BJW> protocol.  sftp is a good way to securely move or copy files back and
BJW> forth across a network.

BJW> The major problem with ftp is that the user name and password are sent "in
BJW> the clear", meaning non-encrypted.  This means that anybody running a
BJW> sniffer on the network can get your user name and password, as well as
BJW> whatever files you're transmitting or receiving. 

BJW> sftp encrypts the user name, password, and the file data, so you should be
BJW> safe.  And the beauty of it is, you won't have to install any new software
BJW> on your linux box, as it comes installed by default!

BJW> You *do* need to make two changes to the configuration file, to make sure
BJW> that your ssh daemon is secure.  You'll need to open /etc/ssh/sshd_config
BJW> and find the line that looks like:

BJW> # Protocol 2,1

BJW> and change it to look like

BJW> Protocol 2

BJW> This is because ssh protocol 1 has serious flaws and is insecure.

BJW> The other line that you should change is:

BJW> # PermitRootLogin yes

BJW> and change it to look like

BJW> PermitRootLogin no

BJW> This will keep out folks trying to hack your root login over the internet.

BJW> Once you've made these two changes and saved them, restart your ssh daemon
BJW> with the command:

BJW> service sshd restart

BJW> And you should be set.

BJW> WinSCP is a very good Windows sftp/scp client that I use all the time to
BJW> access my linux server.  It's great for copying files, and can be found
BJW> at:

BJW> http://winscp.sourceforge.net/eng/

BJW> About the best ssh client (basically a secure telnet replacement) is
BJW> called PuTTY, and can be found at:

BJW> http://www.chiark.greenend.org.uk/~sgtatham/putty/

BJW> These are my favorite ways of accessing my server securely.

BJW> Hope this helps!

BJW> Ben

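
Added example (not part of the original messages): a small shell audit of the two sshd_config settings Ben describes above, so the change can be checked before and after restarting sshd. It assumes the commented-out lines quoted in his reply (Protocol 2,1 and PermitRootLogin yes) are the defaults in effect when a keyword is not set; the function names and the sample file are made up for illustration.

```sh
#!/bin/sh
# Audit an sshd_config for the two settings discussed in the thread.

# effective_value FILE KEYWORD DEFAULT
# Keywords are case-insensitive and the first uncommented occurrence wins.
# Parsing stops at a Match block, because settings after it are conditional.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == key { val = $2; exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE: prints one line per setting, returns 1 on any FAIL.
audit_sshd_config() {
    file=$1; rc=0
    # Assumed defaults: the commented-out values quoted in the message.
    proto=$(effective_value "$file" Protocol "2,1")
    root=$(effective_value "$file" PermitRootLogin "yes")
    case ",$proto," in
        *,1,*) echo "FAIL Protocol=$proto (protocol 1 still accepted)"; rc=1 ;;
        *)     echo "OK   Protocol=$proto" ;;
    esac
    case $(echo "$root" | tr 'A-Z' 'a-z') in
        no) echo "OK   PermitRootLogin=$root" ;;
        *)  echo "FAIL PermitRootLogin=$root (want: no)"; rc=1 ;;
    esac
    return $rc
}

if [ -f "$1" ]; then
    audit_sshd_config "$1"
else
    # Constructed sample: a file with both lines still commented out,
    # which is the state the message says needs changing.
    sample=$(mktemp)
    printf '%s\n' '# Protocol 2,1' '# PermitRootLogin yes' > "$sample"
    audit_sshd_config "$sample" || true
    rm -f "$sample"
fi
```

Run it with the path to the real file, for example /etc/ssh/sshd_config, to check the live configuration; with no argument it only audits the constructed sample.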