FTP over SSH with vsftpd
I would like to get my server more secured, thus I want my visitors to use the FTP through SSH-tunneling.
I am running vsftpd on RedHat 9. Please point me to the documentation, or give me some help.
What I want
- disable the simple connections (direct to the FTP server with unencrypted password)
- grant only FTP over SSH (how to implement?)
I tried to use SecureCRT with my FTP client. I set up port-forwarding localhost:2021 -> destination:21
And my connection was fine, except I didn't get any data from FTP server (no file lists, directories and so on). Where should I tune either FTP client or SSH-tunnel?
If you want ftp to tunnel through ssh, then take a look at the command "scp". That will take care of it for you.
There are 2 different systems you are discussing here:
SFTP - SSH daemon configured with the 'sftp-server' subsystem. You can use Secure Copy (scp) or Secure File Transfer Program (sftp) to transfer files/data between your client application and server, while SSH handles your link encryption. You can disable the 'sftp-server' subsystem and still transfer all your files using scp. Also known as SSH FTP.
FTPS - Remember your old FTP server? FTPS is the implementation of 'Security Extensions' for the old FTP, as defined in RFC2228. This implements TLS/SSL encryption between client and server for confidentiality of authentication and data transfers. The vsftpd server is RFC2228 enabled as of version 2 and works a treat.
You can (if you want) run both SSH FTP and FTPS servers, then access your system whichever suits your requirements at the time.
IMHO, I would configure vsftpd with TLS then chroot() your users where required. You can configure TLS to handle the whole session or only the authentication process if required, then drop back to plain text for transfer purposes; this saves encryption overheads while file transferring.
gFTP - SSH FTP and FTPS.
WinSCP - SSH FTP
SmartFTP - FTPS.
PuTTY - SSH command line client for windows PCs.
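The vsftpd TLS and chroot setup suggested in the reply above, written out as an added example that is not part of the original post. The certificate path is an assumed location; the option names are standard vsftpd.conf settings.

```conf
# /etc/vsftpd/vsftpd.conf (fragment) - constructed example
# Syntax: no spaces around '=', and comments must sit on their own lines.

# Local accounts only; no anonymous FTP.
anonymous_enable=NO
local_enable=YES

# Confine each local user to their home directory.
chroot_local_user=YES

# Turn on TLS. This is explicit FTPS: the client connects to port 21
# and upgrades the control connection with AUTH TLS.
ssl_enable=YES
allow_anon_ssl=NO

# Assumed location; one PEM file holding both the certificate and its key.
rsa_cert_file=/etc/vsftpd/vsftpd.pem

# Accept TLS only, not the older SSL protocol versions.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

# Refuse local logins that have not negotiated TLS first, so passwords
# never cross the network in clear text. This is what disables the
# "simple" unencrypted connections.
force_local_logins_ssl=YES

# Variant A, whole session encrypted: directory listings and file
# contents are protected as well as the login.
force_local_data_ssl=YES

# Variant B, authentication only: replace the line above with
#   force_local_data_ssl=NO
# Clients may then use a clear-text data connection. Only the login is
# protected; listings and file contents are readable on the network.
```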
Re: FTP over SSH with vsftpd
ssh -2 -N -f -L 2021:localhost:21 user@remote_ftpd_server.com
ftp user@remote_ftpd and now everything will be tunneled
or install ftp server with ssl wrapper