...I am setting up a linux machine to do ftp and was wondering if there was a secure way to set this up so it is not hacked. I used a Windows machine and it took someone two days to hack it. Any ideas... Thanks. Mike
Michael Garabedian wrote:
...I am setting up a linux machine to do ftp and was wondering if there was a secure way to set this up so it is not hacked. I used a Windows machine and it took someone two days to hack it. Any ideas...
FTP is mostly insecure ... ftp sucks at all ;) but if you need it: choose an ftpd that has only the features you need. Check out the SuSE version of wu-ftpd, it was reviewed by the SuSE staff. If wu-ftpd doesn't fit for you, take a look at other servers. Check lists like this one for bad news about the ftpd you want to use. Keep your system up-to-date, close all services you don't need, install the sec-check scripts from Marc Heuse (http://www.suse.de/~marc or on the CDs), try harden_suse also. Your system will never be 'secure' but you can try your best to keep it as secure as possible.
-- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256 Junk mail is war. RFCs do not apply.
----- Original Message -----
From: "Sven Michels"
FTP is mostly insecure ... ftp sucks at all ;)
Use SCP. I just learned it. It rocks! HTH, Brian
Brian Topping wrote:
Use SCP. I just learned it. It rocks!
I don't want any user as a real system user on my boxes, so scp doesn't work cause it needs real accounts (or you try to hack a pam module for auth against a db like mysql etc.). And you still have the problem with Windows users, or do you know any free implementation of ssh2 for scp under Windows?
Give PSCP from the PuTTY project a try....
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
* * Ralf 'coko' Koch * mailto:info@formel4.de * --- 75% of Internet users regularly look at sex sites - the remaining 25% have forgotten their password.....
Try http://winscp.vse.cz/eng/ from the web-page, it supports SSH1 and SSH2 protocols, though RSA authentication seems only to be available for SSH1. It is a very good replacement for simple FTP, though ;) cu, Tilman
On Wed, 2002-03-13 at 18:39, Sven Michels wrote:
I don't want any user as a real system user on my boxes, so scp doesn't work cause it needs real accounts (or you try to hack a pam module for auth against a db like mysql etc.). And you still have the problem with Windows users, or do you know any free implementation of ssh2 for scp under Windows?
-- Tilman Müller-Gerbes Everything's .. under .. control (Hardware)
There is also PSCP (you'll have to google for it). Both sit on top of putty which is an SSH 1 + 2 client which MS should make default on all Windows machines. I dumped telnet and ftp, told my users that they had to use scp/ssh and things seem to be going well. They barely noticed when I turned off SSH1. Hen On 13 Mar 2002, Tilman Mueller-Gerbes wrote:
Try http://winscp.vse.cz/eng/ from the web-page, it supports SSH1 and SSH2 protocols, though RSA authentication seems only to be available for SSH1. It is a very good replacement for simple FTP, though ;) cu, Tilman
Henri Yandell wrote:
There is also PSCP (you'll have to google for it). Both sit on top of putty which is an SSH 1 + 2 client which MS should make default on all Windows machines.
I dumped telnet and ftp, told my users that they had to use scp/ssh and things seem to be going well. They barely noticed when I turned off SSH1.
The only problem I had was that pscp doesn't work with ssh2 dsa keys.. except for that, putty is really nice
You don't want ssh1 dsa, it's readable by tools such as ettercap
Sven Michels wrote:
The only problem I had was that pscp doesn't work with ssh2 dsa keys.. except for that, putty is really nice
Use SCP. I just learned it. It rocks!
I don't want any user as a real system user on my boxes, so scp doesn't work cause it needs real accounts (or you try to hack a pam module for auth against a db like mysql etc.). And you still have the problem with Windows users, or do you know any free implementation of ssh2 for scp under Windows?
use winscp2 - graphical scp client google for it
-- Lentila de Vultur CDTT & CGA "If several people tell me that I'm drunk, I go to clean my glasses."
Hello, I have the same problems with ssh2 and dsa keys. I use it primarily for cvs but I also want to use it for scp or sftp. I spent a lot of time searching, but I found no tool that works. I have tested the following tools:
- pscp
- psftp
- WinSCP2
- SSHWinClient 3
- putty
- PenguiNET
- SecureFX
- Shaolin SecureFTP
- Secexc
and many more. I only accept pubkey authentication but putty, WinSCP, etc. always want a password for authentication. Does anyone have a solution?
Best regards, Timo Dotzauer System administration inovex GmbH Karlsruher Straße 71 D-75179 Pforzheim Tel: +49-(0)72 31 - 31 91 79 Fax: +49-(0)72 31 - 31 91 91 mailto:t.dotzauer@inovex.de http://www.inovex.de
-----Original Message----- From: Lentila de Vultur [mailto:ledeve@gmx.net] Sent: Thursday, 14 March 2002 08:53 To: Sven Michels Cc: suse-security@suse.com Subject: Re: [suse-security] FTP security...
use winscp2 - graphical scp client google for it
You could try http://cygwin.com/ which includes the "real" openssh code. I have not tested it myself, though, but expect it to work. No GUI, though, but plain old shell commands [sorry, I am not a regular windows user ;)] cu, Tilman
On Thu, 2002-03-14 at 10:54, Timo Dotzauer wrote:
Hello,
I have the same problems with ssh2 and dsa keys. I use it primarily for cvs but I also want to use it for scp or sftp. I spent a lot of time searching, but I found no tool that works.
I am using the openssh3 client and it works really well. But I need a GUI for some non-technical users, like marketing or sales managers. A shell is a bit too tricky for this kind of user. I only need a tool with a GUI that supports dsa keys with pubkey authentication. Is it so extraordinary what I do and what I want?
Best regards, Timo Dotzauer
-----Original Message----- From: Tilman Mueller-Gerbes [mailto:tmg@saar.de] Sent: Thursday, 14 March 2002 11:23 To: Timo Dotzauer Cc: suse-security@suse.com Subject: Re: AW: [suse-security] FTP security...
You could try http://cygwin.com/ which includes the "real" openssh code. I have not tested it myself, though, but expect it to work. No GUI, though, but plain old shell commands [sorry, I am not a regular windows user ;)] cu, Tilman
On Thursday, 14 March 2002 11:51, you wrote:
I only need a tool with a GUI that supports dsa keys with pubkey authentication. Is it so extraordinary what I do and what I want?
Best regards,
Timo Dotzauer
Hi, I know the problem. There's WinSCP out there, a free Czech tool on http://winscp.vse.cz/eng/, but the stable version 1.x needs ssh1 compatibility mode, and that's exactly what we don't want anymore. WinSCP 2.0 is beta. Anyhow, it still doesn't support all we would like to see. Take a look at http://winscp.vse.cz/eng/requirements.php But so far, it seems compatible with graphic designers and the management ;) For the Unix world I don't know any. Greetings, Leppo. -- "Just because you're not paranoid doesn't mean they're not after you." (Popular saying in the 90s)
I am using WinSCP 2.0 but I think it can only handle ssh1 keys. If I try to use my key, I must enter a password. But my server does not permit login with a password.
Best regards, Timo Dotzauer
-----Original Message----- From: Leppo von Arenfels [mailto:leppo@arenfels.de] Sent: Thursday, 14 March 2002 14:27 To: Timo Dotzauer Cc: suse-security@suse.com Subject: Re: AW: AW: [suse-security] FTP security...
Hi, I know the problem. There's WinSCP out there, a free Czech tool on http://winscp.vse.cz/eng/, but the stable version 1.x needs ssh1 compatibility mode, and that's exactly what we don't want anymore. WinSCP 2.0 is beta. Anyhow, it still doesn't support all we would like to see. Take a look at http://winscp.vse.cz/eng/requirements.php But so far, it seems compatible with graphic designers and the management ;) For the Unix world I don't know any. Greetings, Leppo.
On Thursday 14 March 2002 11:23, Tilman Mueller-Gerbes wrote:
You could try http://cygwin.com/ which includes the "real" openssh code. I have not tested it myself, though, but expect it to work. No GUI, though, but plain old shell commands [sorry, I am not a regular windows user ;)]
I can confirm it does work with dsa keys, both ssh and scp.
Andreas
On Wednesday, 13. March 2002 18:23, Michael Garabedian wrote:
...I am setting up a linux machine to do ftp and was wondering if there was a secure way to set this up so it is not hacked. I used a Windows machine and it took someone two days to hack it. Any ideas...
How about WebDAV over https? This is much more secure than FTP.
Thanks.
Mike
hth, Robert -- Where do you want to be tomorrow? Entracom. Building Linux systems. http://www.entracom.de
participants (12)
- Andreas Baetz
- Brian Topping
- foez
- Henri Yandell
- Lentila de Vultur
- Leppo von Arenfels
- Michael Garabedian
- Ralf Koch
- Robert Szentmihalyi
- Sven Michels
- Tilman Mueller-Gerbes
- Timo Dotzauer