Hi!

Due to the inherent vulnerability of the wu.ftpd, I want to switch to a different ftp daemon after upgrading one of my Webservers. Its Webmasters need ftp access (*sigh*); plain text login is no choice, so port forwarding of the control connection through a secure tunnel is needed (in this case via ssh: ssh -L <port>:<server>:21 <server>).

The precompiled packages from SuSE will not work this way; wuftpd needs an additional configure parameter at compile time to work.

I was not able to get the standard in.ftpd or proftpd (preferred) to work with a tunneled control connection. Am I missing something, or is this impossible?

Bye, Bastian

PS: Sorry if you regard this mail being rather of the "how do i configure..." type than security related... Let's try it here anyway ;)

--
Bastian Friedrich bastian@bastian-friedrich.de
Address & Fon available on my HP http://www.bastian-friedrich.de/
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
\ All things are green unless they are not.

Hi Basti,
> Hi!
>
> Due to the inherent vulnerability of the wu.ftpd, I want to switch to a different ftp daemon after upgrading one of my Webservers. Its Webmasters need ftp access (*sigh*); plain text login is no choice, so port forwarding of the control connection through a secure tunnel is needed (in this case via ssh: ssh -L <port>:<server>:21 <server>).

Make sure you specify the remote end of the port tunnel to be the real name of the server, not localhost. Otherwise, the ftpd might bind to the lo interface (because the control connection came from there), where a packet from a (real) network interface never arrives. Of course, you know that only passive mode ftp will work (ncftp doesn't do passive ftp) (where would the server want to open the connection to?).

> The precompiled packages from SuSE will not work this way; wuftpd needs an additional configure parameter at compile time to work.

I think I had it running. :-/

> I was not able to get the standard in.ftpd or proftpd (preferred) to work with a tunneled control connection. Am I missing something, or is this impossible?
>
> Bye, Bastian
>
> PS: Sorry if you regard this mail being rather of the "how do i configure..." type than security related... Let's try it here anyway ;)

Thanks,
Roman.
--
Roman Drahtmüller

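Added example, not part of the thread: a small Python check for the failure mode Roman describes, where the ftpd binds its passive data socket to lo because the tunnelled control connection arrived there. It assumes the daemon reports that address in a standard RFC 959 `227` reply; the reply strings and the address 192.0.2.10 are constructed sample values.

```python
import ipaddress
import re

# RFC 959 reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high byte first
    return ip, port


def check_data_endpoint(reply):
    """Say whether a client behind an ssh -L tunnel can reach the data endpoint."""
    ip, port = parse_pasv(reply)
    if ip.is_loopback:
        # Data socket is on the server's lo interface: a packet from a real
        # network interface never arrives there.
        return "unreachable: %s:%d is on the server's lo interface" % (ip, port)
    # Only the control connection goes through the tunnel; data goes direct.
    return "ok: data connection goes directly to %s:%d (not tunnelled)" % (ip, port)


if __name__ == "__main__":
    # Constructed sample replies, as seen on the tunnelled control connection.
    samples = [
        "227 Entering Passive Mode (127,0,0,1,195,80)",   # tunnel ended at localhost
        "227 Entering Passive Mode (192,0,2,10,195,80)",  # tunnel ended at real name
    ]
    for line in samples:
        print(line, "->", check_data_endpoint(line))
```
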
Bastian Friedrich wrote:
> Hi!
>
> Due to the inherent vulnerability of the wu.ftpd, I want to switch to a different ftp daemon after upgrading one of my Webservers. Its Webmasters need ftp access (*sigh*); plain text login is no choice, so port forwarding of the control connection through a secure tunnel is needed (in this case via ssh: ssh -L <port>:<server>:21 <server>).

try
scp [-r...] with ssh
sftp with ssh2
they also secure your data connections
they do not use ftpd but sshd.

--
Denis dg@pinck.ch

Hi!

Denis Gassilloud wrote on Mon, 4 Dec 2000 at 18:28:
> Bastian Friedrich wrote:
> > Due to the inherent vulnerability of the wu.ftpd, I want to switch to a different ftp daemon after upgrading one of my Webservers. Its Webmasters need ftp access (*sigh*); plain text login is no choice, so port forwarding of the control connection through a secure tunnel is needed (in this case via ssh: ssh -L <port>:<server>:21 <server>).
>
> try
> scp [-r...] with ssh
> sftp with ssh2
> they also secure your data connections
> they do not use ftpd but sshd.

Once again: The box's webmasters need ftp, the box's webmasters need ftp and they need ftp. Sometimes it's not a matter of "take another tool" :(

scp and sftp even encrypt - in contrast to "regular" ftp - the data connection; this is - in many cases - unnecessary, in some cases even unwanted, as it blows up connection time, system load and most of the time even data amount (try to scp and ftp a file from one system to another in a 10 MBit network - transfer rates may differ by a factor of two).

The primary reason for having to use ftp here is the proprietary O/S (they call it MicroThoft Windowth or thomething) on the other side of the connection...

Thx 4 your hint anyway.

Bye, Basti

--
Bastian Friedrich bastian@bastian-friedrich.de
Address & Fon available on my HP http://www.bastian-friedrich.de/
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
\ Earth is 98% full... please delete anyone you can.

participants (3)
- Bastian Friedrich
- Denis Gassilloud
- Roman Drahtmueller