I have recently set up a RHEL 5.3 server primarily to be used as an Apache web server. I also now have a requirement to have this server also service SFTP requests for uploading/downloading files.
1. By default RHEL 5.3 allows SFTP (over TCP port 22). However, when searching for SFTP site setup I've come across the fact that Red Hat recommends using vsftpd. So if I configure vsftpd, what happens to the default SFTP and the ability to remotely use something like PuTTY to SSH into the server? Really looking to see if SFTP or vsftpd is best. Also, is vsftpd as or more secure than FTP over SSH?
2. I've set aside a separate disk partition (to keep it away from the system partition to help lock down security) for the SFTP site. So I want to use that as the default SFTP root directory structure. How can this be achieved?
3. My requirements dictate 3 separate directories need to be used, each with their own associated SFTP user. The user can only read/write its own directory structure and cannot navigate out of it. Also there will be an SFTP super user able to navigate through each of the 3 directory structures mentioned, but will not be able to navigate out of its home directory. Can this be done, if so how?
There will be no SSL certificates in play at the moment. I'm more concerned about getting things set up and working correctly first. However there may be a requirement to use them later.
The site will be accessed over the Internet initially, hence the reason I'm looking to make it as secure as possible while getting it up and running quickly.
Quote:
I have recently set up a RHEL 5.3 server primarily to be used as an Apache web server. I also now have a requirement to have this server also service SFTP requests for uploading/downloading files.
1. By default RHEL 5.3 allows SFTP (over TCP port 22). However, when searching for SFTP site setup I've come across the fact that Red Hat recommends using vsftpd. So if I configure vsftpd, what happens to the default SFTP and the ability to remotely use something like PuTTY to SSH into the server? Really looking to see if SFTP or vsftpd is best. Also, is vsftpd as or more secure than FTP over SSH?
In my opinion, using just SSH/SFTP is more secure. Running two services on two different ports only opens up another possible attack point. If SSH is already running, you've then already got SFTP running over that same port. If I HAD to run a dedicated FTP server, I'd choose vsftpd. Since vsftpd and SSH run on different ports, one doesn't affect the other. Also, SSH is considered by lots of folks to be pretty much the most secure remote access protocol, but you'll get LOTS of opinions on that, too.
Quote:
2. I've set aside a separate disk partition (to keep it away from the system partition to help lock down security) for the SFTP site. So I want to use that as the default SFTP root directory structure. How can this be achieved?
3. My requirements dictate 3 separate directories need to be used, each with their own associated SFTP user. The user can only read/write its own directory structure and cannot navigate out of it. Also there will be an SFTP super user able to navigate through each of the 3 directory structures mentioned, but will not be able to navigate out of its home directory. Can this be done, if so how?
Read the man page for sshd_config, and pay attention to the ChrootDirectory flag. Set that flag accordingly, so when users log in, it puts them in a 'jail', where ALL they can see is their own home directory, or whatever you've specified here. Chroot'ing is also possible with vsftpd.
Quote:
There will be no SSL certificates in play at the moment. I'm more concerned about getting things set up and working correctly first. However there may be a requirement to use them later.
The site will be accessed over the Internet initially, hence the reason I'm looking to make it as secure as possible while getting it up and running quickly.
TIA.
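One way the ChrootDirectory advice above could be applied to the three-users-plus-super-user requirement, as an added example that is not part of the thread. It assumes an OpenSSH build that supports `ChrootDirectory` and `internal-sftp`; the account names, the group name and the `/srv/sftp` mount point are hypothetical.

```sshd_config
# Added example: account names, group name and paths are assumptions.
#
# Layout on the dedicated partition (assumed mounted at /srv/sftp):
#   /srv/sftp                 root:root          0755   jail for sftpadmin
#   /srv/sftp/client1         root:root          0755   jail for client1
#   /srv/sftp/client1/files   client1:sftpadmin  2770   writable upload area
#   (client2 and client3 follow the same pattern)
#
# sshd rejects the session unless every component of the ChrootDirectory
# path is a root-owned directory that is not writable by group or others.
# That is why the writable area is a subdirectory inside each jail.

# Replace the existing "Subsystem sftp ..." line with the in-process server,
# so the jail does not need a copy of sftp-server or its libraries.
Subsystem sftp internal-sftp

# Match blocks run until the next Match or end of file: keep them last.

# The three upload accounts are members of group "sftponly".
# %u expands to the login name, so client1 is jailed in /srv/sftp/client1.
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

# The super user is NOT a member of sftponly, so only this block applies.
# Jailed one level up, it sees client1/, client2/ and client3/ and nothing
# outside /srv/sftp; group ownership of each files/ directory gives it
# read/write access there.
Match User sftpadmin
    ChrootDirectory /srv/sftp
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
```

Check the file with `sshd -t` before restarting the daemon. Accounts that match neither block keep their normal interactive SSH login.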
I have decided to go with vsftpd and have the FTP site running as I would like. I now do need to add SSL into the mix (customer's request). I already have a wildcard cert on the server and was hoping to use this by putting the following directives into the vsftpd.conf file:
Is there anything else I'm missing regarding setup for SSL encryption? When running an FTPS connection using FileZilla I get the following:
Status: Connecting to <server_IP>:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error: Could not connect to server
Status: Waiting to retry...
This test is being run with iptables off. Could it be that, because the server is not fully commissioned yet, the certificate is causing this error?