Subject: Re: Secure FTP server
To: 'netbsd-users@netbsd.org' <netbsd-users@netbsd.org>
From: Jorgen Lundman <lundman@lundman.net>
List: netbsd-users
Date: 03/21/2002 09:15:48
David S. wrote:
>> I am a new user and have found plenty of Howto's in regards to
>>setting up a FTP server for anonomous users, but i would like to set up a
>>secure FTP server that accepts a Username and Password. Idealy this FTP
>>would let me get things from it and upload stuff. I would like to use my
>>local login name and password: eg Robert and password 12345. There would be
>>multiple users accessing the FTP the same way. Any suggestions on Syntax
>>for setting it up?
>
>
> Ordinary FTP is not terribly secure, as it transmits your password in
> clear text, and data unencrypted. NetBSD comes with 'sftp' (which
> isn't really FTP, but 'ssh' disguised to look like it), which is rather
> more secure. Or, you could use ordinary FTP with 'ssh' port-forwarding
> (see man ssh). If you want to install a third-party "secure" FTP, some
> to look at are
>
> Kerber-ized FTP: http://www.pdc.kth.se/heimdal/
> SafeTP: http://safetp.cs.berkeley.edu/
> Secure FTP: http://security.sdsc.edu/software/secureftp/
> SRP FTP: http://srp.stanford.edu
> GridFTP: http://www.globus.org/datagrid/gridftp.html
Wrote my own too, comes with SRP and TLS/SSL internally, and supports
SafeTP as well. Uses internal userdb as opposed to /etc/passwd though,
so may not be applicable for all, but very good for a distribution ftpd.
http://www.lundman.net/unix/lundftpd.html - sources on CVS.
Lund
--
Jorgen "Lord" Lundman <lundman@lundman.net>
Technology Manager, Unix Administrator
Phone: +44 (0)20-86591860 Mobile: +44 (0)79-58642918
Pager: 07958642918@one2one.net
"Rare is the person who can weigh the faults of others
without putting his thumb on the scales": Byron J. Langenfeld