FTP Attacks
http://www.securityportal.com/closet/closet20010418.html
Kurt Seifried, seifried@securityportal.com
PGP Key ID: 0xAD56E574 Fingerprint:
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.securityportal.com/
----- Original Message -----
From: "Ralf Koch"
For tunneling a FTP connection via SSH, please have a look at
http://www.ccp14.ac.uk/ccp14admin/security/secure_tunnelling_ftp.htm
I am under the impression that the solutions provided at the above link do indeed work as I suggested, i.e. the control connection is tunneled via SSH, but the data connection occurs outside of that tunnel, as is indicated by the link to 'SSH Tunneling via ProFTPD' on the page above. Note also that they have active and passive FTP mixed up in the quoted post titles 'Something to keep in mind'.
Yeah, you're right (I missed that funny part in the quoted post). And that's exactly why I prefer sftp and scp. You don't have to worry about the data connection, active and passive FTP and local or remote firewalls (if SSH is allowed). The only connection between local and remote host is the SSH connection. Ralf * * Ralf 'coko' Koch * mailto:info@formel4.de * --- Drücken Sie auf Abbrechen zum Fortfahren -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com