LinuxQuestions.org

Crashed_Again 01-23-2003 11:59 AM

Forcing Secure FTP
 
Hello all. I currently have a few friends using my Apache Server to run their web sites. Of course they need to upload files to the server. Rather than using the standard FTP they have all downloaded a copy of SFTP, the encrypted version of FTP, provided by the PUTTY download page. Although they are all using this to upload files I have noticed that it is still possible to connect via the standard FTP. Is there a way to allow ONLY SFTP and disable the standard FTP? Thanks in advance.

peter_robb 01-23-2003 05:26 PM

sftp will be using port 115..

You can block the regular ftp port 21 in the firewall...
or tune your ftp server, depending on which software it is...
Some are standalone server daemons, and some are controlled via the xinetd daemon.
Type 'chkconfig --list' in a terminal and look for ftp servers, or
'netstat -tanp' to see which is running.

Crashed_Again 01-23-2003 06:00 PM

I am currently running VSFTP. When I run an nmap it shows port 115 closed. When I run chkconfig --list it shows VSFTP as an XINETD based service. Can you configure VSFTP to only allow SFTP?

peter_robb 01-23-2003 06:05 PM

I don't use it myself...
try
'man vsftp' in a terminal and see what its documents say...

Crashed_Again 01-23-2003 06:09 PM

The documents say nothing and there is no entry in the vsftpd.conf file that deals with this issue. Should this be done through xinetd?

peter_robb 01-23-2003 06:11 PM

You can alter the port xinetd listens on for vsftp by changing the '/etc/xinetd.d/vsftp' file

Crashed_Again 01-23-2003 06:13 PM

When I try to connect via port 115 it does not allow me. For example:

ftp www.mydomain.com:115
gives
unknown host
error

peter_robb 01-23-2003 06:15 PM

Question is,
how does vsftp handle the SSL connection?

Make an sftp connection, then type
'ps -e' and 'netstat -tanp'
to see which programme is running as the server for sftp...

Crashed_Again 01-23-2003 06:22 PM

From the output of netstat -tanp | more it looks like SFTP causes two connections.

SSH and SSHD but no FTP connection. I wonder if the FTP connection is not used until I actually try and upload or download something. Maybe a good test would be to shut down FTP and see if I can upload or download. What do you think?

peter_robb 01-23-2003 06:28 PM

That's the built in sftp server with the ssh package...

Not full of features, but uses local user privileges & is very secure.

You can safely shut down vsftp..
'chkconfig --list' to get vsftp's correct title, then
'chkconfig vsftp off' will do it.
& 'service xinetd restart'
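
A check that could follow the steps above, as an added example that is not part of the original thread: it reads `netstat -tanp` output and confirms nothing is listening on port 21 while sshd (which serves SFTP) still is. The two sample tables are constructed, and sshd on port 22 is an assumption (its default port).

```shell
#!/bin/sh
# Audit `netstat -tanp` output read from stdin.
# Returns 0 only if no TCP listener is on port 21 and sshd listens on port 22.
# Run netstat as root so the PID/Program column is filled in.
check_sftp_only() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]      # last piece also handles ":::21"
            prog = $7; sub(/^[0-9]+\//, "", prog)   # "812/xinetd" -> "xinetd"
            if (port == 21) {
                print "FAIL: port 21 still listening (" prog ")"; bad = 1
            }
            if (port == 22 && prog ~ /^sshd/) ssh = 1
        }
        END {
            if (!ssh) { print "FAIL: no sshd listener on port 22"; bad = 1 }
            if (!bad) print "OK: no listener on port 21, sshd listening on port 22"
            exit bad + 0
        }'
}

# Constructed sample: vsftpd still enabled under xinetd (xinetd owns the socket).
sample_before() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:21        0.0.0.0:*           LISTEN      812/xinetd
tcp        0      0 0.0.0.0:22        0.0.0.0:*           LISTEN      640/sshd
tcp        0      0 0.0.0.0:80        0.0.0.0:*           LISTEN      701/httpd
EOF
}

# Constructed sample: after 'chkconfig ... off' and 'service xinetd restart'.
sample_after() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*           LISTEN      640/sshd
tcp        0      0 0.0.0.0:80        0.0.0.0:*           LISTEN      701/httpd
tcp        0      0 192.0.2.10:22     198.51.100.7:40312  ESTABLISHED 1422/sshd
EOF
}

sample_before | check_sftp_only || true   # reports the port 21 listener
sample_after  | check_sftp_only           # reports OK
```

On a live host the same function takes real input: `netstat -tanp | check_sftp_only`.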

Crashed_Again 01-23-2003 06:29 PM

Thanks for all your help. You are the man! Finally a moderator who does not treat people like idiots. Thanks again.

peter_robb 01-23-2003 06:32 PM

I'm not that far from being an idiot, so sympathy runs deep!!

ENJOY!


All times are GMT -5.