Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-04-2010, 06:58 AM   #1
Registered: Aug 2010
Posts: 50

Rep: Reputation: 1
Opening FTP service on public facing website for 3rd party maintenance access

Hi All,

I'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ?

If yes, what sort of FTP application to install in your Linux webserver ?

Any kind of sharing and suggestion in regards to this thread will be greatly appreciated.


Old 11-04-2010, 07:35 AM   #2
Senior Member
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
I would say, anything open to public internet is always at risk. Even if you have got authentication at place. If it is going to be used by limited users and if they have static addresses, using iptables to only allow certain addresses for FTP will increase the security. Also changing the default listening port to something else should put another layer of security.
You can use vstfpd for your needs though.
1 members found this post helpful.
Old 11-04-2010, 07:49 AM   #3
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
You should also consider using SSL with your FTP server as FTP transmits usernames and passwords in the clear. That isn't a problem if you're just using anonymous access, but if you're allowing access to only specific people, it is something worth considering.
1 members found this post helpful.
Old 11-04-2010, 07:56 AM   #4
Senior Member
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,280

Rep: Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894
I think I would want to have SSH implemented for any outside access (and require the use sftp; sftp "...operates over an encrypted ssh transport."

With ssh, you control who has what access and it's a reliable way to do what you're interested in. SSH is, in many ways, analogous to the user id/password system.

You may wish to turn off (or not turn on) ftp services, possibly found in /etc/inetd.conf (your location may vary). The services lines in /etc/inetd.conf look like this:
# These are standard services:
# Very Secure File Transfer Protocol (FTP) server.
#ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd
# Professional File Transfer Protocol (FTP) server.
#ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd
# Telnet server:
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
On my systems, there are all commented out (meaning that they are not available) and external users are required to use SSH (and, thus, sftp) for any connections or file transfers.

Hope this helps some.
2 members found this post helpful.
Old 11-04-2010, 09:04 AM   #5
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
^ Agreed

ftp over ssh with access controlled by keys and passphrases will give you a fairly tight lockdown.
1 members found this post helpful.
Old 11-04-2010, 09:19 AM   #6
Registered: Aug 2010
Posts: 50

Original Poster
Rep: Reputation: 1
ah.. yes sFTP, so in this case only port 80 and 22 that is open to the public ?
great, so can I use Filezilla from the internet to upload this ?
Old 11-04-2010, 10:13 AM   #7
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
Yup. It will even do key based authentication.
1 members found this post helpful.


blog, ftp, linux, ubuntu, wordpress

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
3rd party library rosy Jovita Linux - Newbie 15 03-16-2010 05:08 AM
3rd party package managers? crontab Slackware 3 10-06-2007 11:34 AM
install 3rd party softwares sujitkale Linux - Software 7 09-02-2007 07:10 AM
Safety of 3rd party cd's robby737 Linux - Security 5 06-16-2004 12:04 PM
Did you know You don't need 3rd party FTP clients and servers? Paul Parr Linux - Newbie 11 05-05-2003 07:21 PM

All times are GMT -5. The time now is 06:09 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration