Hi Basti,
Hi!
Due to the inherent vulnerability of the wu.ftpd, I want to switch to a different ftp daemon after upgrading one of my Webservers. Its Webmasters need ftp access (*sigh*); plain text login is no choice, so port forwarding of the control connection through a secure tunnel is needed (in this case via ssh: ssh -L <port>:<server>:21 <server>).
Make sure you specify the remote end of the port tunnel to be the real name of the server, not localhost. Otherwise, the ftpd might bind to the lo interface (because the control connection came from there), where a packet from a (real) network interface never arrives. Of course, you know that only passive mode ftp will work (ncftp doesn't do passive ftp) (where would the server want to open the connection to?).
The precompiled packages from SuSE will not work this way; wuftpd needs an additional configure parameter at compile time to work.
I think I had it running. :-/
I was not able to get the standard in.ftpd or proftpd (preferred) to work with a tunneled control connection. Am I missing something, or is this impossible?
Bye, Bastian
PS: Sorry if you regard this mail as being rather of the "how do I configure..." type than security related... Let's try it here anyway ;)
Thanks,
Roman.
--
- -
| Roman Drahtmüller