Forcing Secure FTP

Crashed_Again · 01-23-2003, 11:59 AM

Hello all. I currently have a few friends using my Apache Server to run there web sites. Of course they need to upload files to the server. Rather then using the standard FTP they have all downloaded a copy of SFTP, the encyrpted version of FTP, provided by the PUTTY download page. Although they are all using this to upload files I have noticed that it is still possible to connect via the standard FTP. Is there a way to allow ONLY SFTP and disable the standard FTP? Thanks in advance.

peter_robb · 01-23-2003, 05:26 PM

sftp will be using port 115..

You can block the regular ftp port 21 in the firewall...
or tune your ftp server, depending on which software it is...
Some are standalone server daemons, and some are controlled via the xinetd daemon.
Type 'chkconfig --list' in a terminal and look for ftp servers, or
'netstat -tanp' to see which is running.

Crashed_Again · 01-23-2003, 06:00 PM

I am currently running VSFTP. When I run a nmap it shows port 115 closed. When I run chkconfig --list it shows VSFTP as an XINETD based service. Can you configure VSFTP to only allow SFTP?

peter_robb · 01-23-2003, 06:05 PM

I don't use it myself...
try
'man vsftp' in a terminal and see what it's documents say...

Crashed_Again · 01-23-2003, 06:09 PM

The documents say nothing and there is no entry in the vsftpd.conf file that deals with this issue. Should this be done through xinetd?

peter_robb · 01-23-2003, 06:11 PM

You can alter the port xinetd listens on for vsftp by changing the '/etc/xinetd.d/vsftp' file

Crashed_Again · 01-23-2003, 06:13 PM

When I try to connect via port 115 it does not allow me. For example:

ftp www.mydomain.com:115
gives
unknown host
error

peter_robb · 01-23-2003, 06:15 PM

Question is,
how does vsftp handle the SSL connection?

Make a sftp connection, then type
'ps -e' and 'netstat -tanp'
to see which programme is running as the server for sftp...

Crashed_Again · 01-23-2003, 06:22 PM

From the output of netstat -tanp | more it looks like SFTP causes two connections.

SSH and SSHD but no FTP connection. I wonder if the FTP connection is not used until I actually try and upload or download something. Maybe a good test would be to shutdown FTP and see if I can upload or download. What do you think?

peter_robb · 01-23-2003, 06:28 PM

That's the built in sftp server with the ssh package...

Not full of features, but uses local user priveleges & is very secure.

You can safely shutdown vsftp..
'chkconfig --list' to get vsftp's correct title, then
'chkconfig vsftp off' will do it.
& 'service xinetd restart'

Crashed_Again · 01-23-2003, 06:29 PM

Thanks for all your help. You are the man! Finally a moderator who does not treat people like idiots. Thanks again.

peter_robb · 01-23-2003, 06:32 PM

I'm not that far from being an idiot, so sympathy runs deep!!

ENJOY!