FTP over SSH with vsftpd

axcis · 12-24-2004, 08:16 AM

Hello,

I would like to get my server more secured, thus I want my visitors to use the FTP though SSH-tunneling.

I am running vsftpd on RedHat 9. Please point me in the documentation, or give me some help.

What I want
- disable the simple connections *(direct to the FTP server with un-encrypted password)
- grant only FTP over SSH (how to implement?)

I tried to use SecureCRT with my FTP client. I setup port-forwarding localhost:2021 -> destination:21

And the my connection was fine, except I did'nt get any data from FTP server (no file lists, directories and so on). Where should i tune either FTP client or SSH-tunnel?

Best wishes,
Dmitry.

twantrd · 12-25-2004, 01:41 PM

If you want ftp to tunnel through ssh, then take a look at the command "scp". That will take care of it for you.

-twantrd

Butt-Ugly · 12-25-2004, 05:11 PM

There are 2 different systems you are discussing here:

SFTP - SSH daemon configured with the 'sftp-server' subsystem. You can use Secure Copy (scp) or Secure File Transfer Program (sftp) to transfer files/data between your client application and server, while SSH handles your link encryption. You can disable the 'sftp-server' subsystem and still transfer all your files using scp. Also know as SSH FTP.

FTPS - Remember your old FTP server? FTPS is the implementation of 'Security Extensions' for the old FTP, as defined in RFC2228. This implements TSL/SSL encryption between client and server for confidentiality of authentication and data transfers. The vsftpd server is RFC2228 enabled as of version2 and works a treat.

You can (if you want) run both SSH FTP and FTPS servers, then access your system which ever suits your requirements at the time.

IMHO, I would configure vsftpd with TLS then chroot() your users where required. You can configure TLS to handle the whole session or only the authentication process if required, then drop back to plain text for transfer purposes, this saves encryption overheads while file transfering.

Linux Clients....
gFTP - SSH FTP and FTPS.

Windows Clients....
WinSCP - SSH FTP
SmartFTP - FTPS.
PuTTY - SSH command line client for windows PCs.

Miles.

alon005 · 12-27-2004, 03:04 AM

Quote:

Originally posted by axcis
Hello,

I would like to get my server more secured, thus I want my visitors to use the FTP though SSH-tunneling.

I am running vsftpd on RedHat 9. Please point me in the documentation, or give me some help.

What I want
- disable the simple connections *(direct to the FTP server with un-encrypted password)
- grant only FTP over SSH (how to implement?)

I tried to use SecureCRT with my FTP client. I setup port-forwarding localhost:2021 -> destination:21

And the my connection was fine, except I did'nt get any data from FTP server (no file lists, directories and so on). Where should i tune either FTP client or SSH-tunnel?

Best wishes,
Dmitry.

Ask your users to run this command first:

ssh -2 -N -f -L 2021:localhost:21 user@remote_ftpd_server.com

and then
run

ftp user@remote_ftpd and now everything will be tunneled

or install ftp server with ssl wrapper