TFTP is useful for PXE-booting and Cisco backups/loads. Other than that... Try vsftpd. It's in the 9.3 distro. -----Original Message----- From: Darryl Gregorash [mailto:raven@accesscomm.ca] Sent: Tue 9/6/2005 7:22 PM To: suse-linux-e@suse.com Subject: Re: [SLE] Secure FTP? Jay Paulson wrote:
I'm trying to set up an ftp site with my SuSE install. I'm using TFTP that came installed with SuSE 9.3. I went into YaST and enabled it and told it to configure the firewall appropriately etc. My question is that I have to connect from work to it using Secure FTP (SFTP). Is this possible with TFTP? If so where would I do the configuration of it? google tftp.
This on Wikipedia: uses UDP rather than TCP no authentication or encryption mechanisms Good grief, it cannot even list directory contents, why on earth would you even want to use it? -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
http://www.antionline.com/showthread.php?s=&threadid=266913 Read that. And dude, TFTP is NOT FTP. TFTP is used for things like routers that don't have Hard drives to update configuration info and the like, it was made to have no human interaction. You don't use it for DL anything, if you want an FTP server that you can use to download files from and TO your computer, use VSFTP, PureFTP, or if you're into pain, ProFTP. .... The next time you're setting up a service, you really should do a google search or something to check into it. TFTP more than likely isn't what you're looking for but does add a lovely insecurity to your network. The tutorial I linked to is written by me, so I don't need to credit anyone -gore / Allen
On Tuesday 06 September 2005 11:14 pm, Allen wrote:
TFTP is used for things like routers that don't have Hard drives to update configuration info and the like, it was made to have no human interaction
Hello Allen, Could you please elaborate more on that? I never really understood why routers and comm devices in general used TFTP for transfering files. What do you mean by "...don't have hard drives to update configuration info"? Thanks, Jorge
Jorge, Jay, On Tuesday 06 September 2005 20:49, Jorge Fábregas wrote:
On Tuesday 06 September 2005 11:14 pm, Allen wrote:
TFTP is used for things like routers that don't have Hard drives to update configuration info and the like, it was made to have no human interaction
Hello Allen,
Could you please elaborate more on that? I never really understood why routers and comm devices in general used TFTP for transfering files. What do you mean by "...don't have hard drives to update configuration info"?
As an earlier respondent stated, TFTP is used to boot diskless workstations and other hardware with no internal mass storage. Routers, e.g., are specialized but still sophisticated computers and they embody considerable internal configuration information that governs their operation. This information has to come from somewhere, and it is supplied via TFTP (from some centralized configuration management host) when those devices reboot and initialize themselves. As far as day-to-day file transfer goes, just forget about TFTP. Use SCP or sFTP. If you're not using the Internet, you can use FTP, but it's very unsecure, so it's not appropriate to use it for password-protected / non-anonymous transfers that traverse the Internet.
Thanks, Jorge
Randall Schulz
On Wednesday 07 September 2005 12:04 am, Randall R Schulz wrote:
As an earlier respondent stated, TFTP is used to boot diskless workstations and other hardware with no internal mass storage. Routers, e.g., are specialized but still sophisticated computers and they embody considerable internal configuration information that governs their operation. This information has to come from somewhere, and it is supplied via TFTP (from some centralized configuration management host) when those devices reboot and initialize themselves.
Thanks Randall for the explanation! Jorge
Randall R Schulz wrote:
As far as day-to-day file transfer goes, just forget about TFTP. Use SCP or sFTP. If you're not using the Internet, you can use FTP, but it's very unsecure, so it's not appropriate to use it for password-protected / non-anonymous transfers that traverse the Internet.
So vsftpd isn't very secure after all? I'm mildly worried now, I'm using vsftpd to serve files over the internet. Can you explain what it is that's insecure, is it something inherent in the FTP protocol or did you just mean that there are some dodgy implementations of it out there? Cheers, James.
On Wed, Sep 07, 2005 at 12:25:32PM +0100, James Watkins wrote:
So vsftpd isn't very secure after all? I'm mildly worried now, I'm using vsftpd to serve files over the internet. Can you explain what it is that's insecure, is it something inherent in the FTP protocol or did you just mean that there are some dodgy implementations of it out there?
AIUI, the "very secure" bit of vsftpd is to prevent crackers trying to gain control of your machine by connecting to the FTP port and doing something nasty (e.g. uploading a trojan over one of your system binaries, or doing a buffer overflow attack which gives them control over the FTP process (potentially running as root), etc.) FTP servers have traditionally been rather prone to attacks by crackers. Like telnet, the FTP is inherently insecure - the username and password are sent in plain text, and are therefore very vulnerable to being sniffed. of course, you can run your FTP session over an encrypted tunnel (e.g. VPN or SSH tunnel), but then it's not a standard FTP session. -- David Smith Work Email: Dave.Smith@st.com STMicroelectronics Home Email: David.Smith@ds-electronics.co.uk Bristol, England GPG Key: 0xF13192F2
David, James, On Wednesday 07 September 2005 05:21, David SMITH wrote:
On Wed, Sep 07, 2005 at 12:25:32PM +0100, James Watkins wrote:
So vsftpd isn't very secure after all? I'm mildly worried now, I'm using vsftpd to serve files over the internet. Can you explain what it is that's insecure, is it something inherent in the FTP protocol or did you just mean that there are some dodgy implementations of it out there?
AIUI, the "very secure" bit of vsftpd is to prevent crackers trying to gain control of your machine by connecting to the FTP port and doing something nasty (e.g. uploading a trojan over one of your system binaries, or doing a buffer overflow attack which gives them control over the FTP process (potentially running as root), etc.) FTP servers have traditionally been rather prone to attacks by crackers.
Like telnet, the FTP is inherently insecure - the username and password are sent in plain text, and are therefore very vulnerable to being sniffed. of course, you can run your FTP session over an encrypted tunnel (e.g. VPN or SSH tunnel), but then it's not a standard FTP session.
And, as I alluded, if the traffic does not traverse the open Internet or the content is not private or limited in distribution (no password or generally publicized password), then FTP is acceptable. But barring a VPN or SSH tunnel, as you mention, plain old FTP on the open Internet is not secure.
David Smith Work Email: Dave.Smith@st.com
Randall Schulz
participants (6)
-
Allen -
David SMITH -
James Watkins -
Jorge Fábregas -
Marlier, Ian -
Randall R Schulz