LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Apache ssh dreamweaver vsftpd question (https://www.linuxquestions.org/questions/linux-security-4/apache-ssh-dreamweaver-vsftpd-question-200764/)

wheatstraw 07-03-2004 03:28 PM
Apache ssh dreamweaver vsftpd question
 
I am having trouble setting up my web server.

I host websites for a few people. What I want to do is to have them connect to my server with Dreamweaver MX using the ssh option to upload changes to their sites.

My server is Apache 1.3.26 on a Debian woody. I am running vsftpd_1.0.0-2 and sshd. Each site is a virtual machine in httpd.conf.

I have set up /home/$USER/public_html/$SITENAME directories for the sites and have done: chown -R $USERNAME.www-data /home/$USER/public_html so that apache will be able to serve up the pages.

I have a virtual XP machine set up for test purposes (vmware), running Dreamweaver MX. I can edit the site and connect from Dreamweaver MX as regular ftp. I am able to delete and upload files and all is good.

When I enable the "Use SSH encrypted secure login", puTTy opens a shell and I can log in to the server. I minimize the shell window and click OK in Dreamweaver's "Waiting for ssh login" window. I watch Dreamweaver's ftp log while this is happening and I seem to connect:
<Dreamweaverlog>

Using port 2000
220 ready, dude (vsFTPd 1.0.0: beat me, break me)
USER $USER
331 Please specify the password.
PASS
230 Login successful. Have fun.
SYST
215 UNIX Type: L8
PWD
257 "/home/$USER"
CWD /home/$USER/public_html/$USERWEBSITE
250 Directory successfully changed.
CWD /home/$USER/public_html/$USERWEBSITE/_notes
550 Failed to change directory.
CWD /home/$USER
250 Directory successfully changed.
MKD public_html/$USERWEBSITE/XYIZNWSK
257 "/home/$USER/public_html/$USERWEBSITE/XYIZNWSK" created
CWD /home/$USER/public_html/$USERWEBSITE
250 Directory successfully changed.
PWD
257 "/home/$USER/public_html/$USERWEBSITE"
TYPE A
200 ASCII tastes bad, dude.
PASV
227 Entering Passive Mode (4,14,222,74,53,134)
LIST
425 Security: Bad IP connecting.
CWD /home/$USER
250 Directory successfully changed.
RMD public_html/$USERWEBSITE/XYIZNWSK
250 Remove directory operation successful.
CWD /home/$USER/public_html/$USERWEBSITE
250 Directory successfully changed.
PWD
257 "/home/$USER/public_html/$USERWEBSITE"

</Dreamweaverlog>

I then get an error: "Dreamweaver cannot determine the remote server time. The Select Newer and Synchronize commands will not be available."

I click OK and I cannot view any files on the remote server and cannot upload any files.

I have tried connecting to the server with puTTy by itself, and I have regular user permissions. I am able to delete and create files in my $USERWEBSITE directory. As I said, it also works without the ssh option.

Is there something I have to edit in sshd_config to allow an ftp tunnel?

Dreamweaver does the port forward settings properly via putty. I am also manually able to forward a vnc connection to a machine behind the server via puTTy.

Thanks in advance for any advise offered.

codestrom 06-03-2005 11:28 AM
Dreamweaver vsftpd epsv pasv and sorta workaround
 
Okej..

Intead of opening a new thread I'm going to clarify some of my experience and try to give help where I can.

#1 Your setup may be just fine.. I have a similar setup... I'm running Linux with Codega and Dreamweaver on top. (I'm used to it and don't really care for NVU, Eclipse or any of the other choices for a RAD IDE/ WYSIWYG.)

Dreamweaver MX is unfortunately the lastest version support by Codega atm.. This means sftp isn't an option. Only regular FTP tunneled through SSH.. (IE a similar situation to what you have above.)

From what I say while tailing the ftp logs from vsftpd..

At a termnial the defautl linux ftp client works fine for me, but I have to forward two ports over SSH.. vsftp will allow you to narrow the range of "PASV" ports. So I narrowed it to one and forwarded that as well.

sudo ssh -C -L 3333:xxx.xxx.xxx.xxx:21 -L 20000:xxx.xxx.xxx.xxx:20000 root@xxx.xxx.xxx.xxx

connect with your fav ftp client like ftp localhost 3333

From the Linux ftp client I see it's using "EPSV" and pulls down the directory.. I can read and write files with no problems.
of "EPSV"
Jun 3 10:39:43 eclipse vsftpd: Fri Jun 3 10:39:43 2005 [pid 13330] [codestrom] FTP response: Client "xxx.xxx.xxx.xxx", "229 Entering Extended Passive Mode (|||20000|)"

With Dreamweaver on the other hand it's using "PASV" and fails.. I'm going to tail a tcpdump when I have more time later, but if anyone has any suggestions it's appreciated.

Also.. I'm not sure the following setup should be used unless you have tight control over the SSH access as narrowing the port range is a typically a bad idea..

Google "ftp attacks" if you don't believe me..


All times are GMT -5. The time now is 02:04 AM.