Which is safer? Only ssh +scp for 2 users? Or ssh (1 user) + vsftpd (1 virtual user)
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Which is safer? Only ssh +scp for 2 users? Or ssh (1 user) + vsftpd (1 virtual user)
I am building a server that will need to accessible from the outside world for two operations:
1) I need to maintain it remotely (via ssh)
2) Automatically copy files to and from it from a second, dedicated machine (either via scp or vsftpd). The automated nature of this requires that the second machine either have a password stored in a script OR use keys with no passphrase. The second computer will be identical to the server (same physical security, same software, same configuration, etc...)
Do you think it is more secure to:
A) Only have a single user allowed to ssh into the machine and then install vsftp with a virtual user to do the automated copying. This way, even if the remote machine is compromised and the password/keys are stolen, a remote shell cannot be opened with this information. Only the vsftpd has been compromised.
B) Allow two users to ssh (the admin and the remote, automated user who will use scp) and NOT install vsftpd. The remote user would be an unprivileged user. By not installing vsftpd I will have reduced the number of open ports and the number of attack vectors?
A) Only have a single user allowed to ssh into the machine and then install vsftp with a virtual user to do the automated copying. This way, even if the remote machine is compromised and the password/keys are stolen, a remote shell cannot be opened with this information. Only the vsftpd has been compromised.
B) Allow two users to ssh (the admin and the remote, automated user who will use scp) and NOT install vsftpd. The remote user would be an unprivileged user. By not installing vsftpd I will have reduced the number of open ports and the number of attack vectors?
The admin user will use a password protected ssh-key, so his security is not at stake, given the physical security of the primary server.
For the unprivileged user who is using an unprotected key on the secondary machine (either for ftp or ssh) the security risks are totally different. In case of ftp there is no effective protection for the transmission of the ftp password, you can sniff it with a packet analyzer like wireshark. If you use (unprotected) ssh-keys for scp you will get full encryption of your connection and data transfer between the two servers, BUT you will have to guard the clear text ssh-key on the second server very closely. Use the second method, because ssh always outperforms (any) ftp with respect to security.
Last edited by kerrylinux; 09-18-2011 at 03:51 PM.
For the automated cxn, consider using ssh-agent to initiate the cxn and put the copying process into a daemon, inside the ssh-agent env.
This way you can use a passwd that doesn't have to reside on (client) disk (unlike the ssh-key).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
