anonymous sftp connection

peter.kielbasiewicz_at_philips.com
Date: 06/01/04

  • Next message: peter.kielbasiewicz_at_philips.com: "anonymous sftp connection" 
    To: secureshell@securityfocus.com
Date: Tue, 1 Jun 2004 12:35:39 +0200

    Hello,

    I want to set up anonymous sftp connection but it seems that it is not
    possible with openssh.
    Many people argue that anonymous ftp does not really make sense but I
    think most do not know about the sub-user account feature offered by
    anonymous ftp.
    This feature works as follows:
    If you set up an anonymous ftp server you get a chrooted environment with
    very tight restrictions.
    After successful anonymous login one can issue a "user" command which
    would check for that user in the file ~ftp/etc/passwd and prompts for the
    password.
    The file ~ftp/etc/passwd is only for used for ftp logins and thus can use
    login names and password aging mechanisms which do not need to comply with
    any standard policies imposed on the regular /etc/passwd file.
    Thus you have a save ftp account and you do not change anything in the
    regular /etc/passwd file.
    The whole process can of course be scripted. A drawback here is the plain
    text password within the script file but this can be tolerated if the
    script file is only owner readable.

    It would be great if the feature was available with sftp because then the
    whole data transfer would be encrypted including transfer of the sub-user
    login.

    Does anybody know if there are plans to implement this mechanism with sftp
    or if there are workaround solutions offering the same functionality? 

    --
best regards
  Peter Kielbasiewicz
 
 
____________________________________________________________________________
   Philips Medizin Systeme Böblingen GmbH
   Peter Kielbasiewicz Phone:  +49 (7031) 463-1893
   Building 5 CMS-B IT (2C9)                                       FAX : 
+49 (7031) 463-2944
   Hewlett-Packard-Strasse 2 
   71034 Boeblingen e-mail:  Peter.Kielbasiewicz@philips.com
 
____________________________________________________________________________
  Jochen M. Franke, Dr. Werner Haas (Sprecher), David Russell, Wolfgang 
Strenzl
  Sitz der Gesellschaft: Böblingen
  Registergericht Böblingen Reg.-Nr. HRB 5187
  • Next message: peter.kielbasiewicz_at_philips.com: "anonymous sftp connection"

    Relevant Pages

    • RE: sftp vs ftp with ssl
      ... > account with interactive shell. ... I may very well be missing something here, but isn't anonymous sftp kind ... login, then run sshd in a chroot jail, kind of the way anonymous ftp ...
      (Security-Basics)
    • Re: Anonymous sftp
      ... > anonymous ftp, as it was a cause of a lot of security problems. ... > Has anyone ever set up sftp to accept anonymous file transfer? ... of those mini ftp daemons set up in a chroot somewhere. ... Java users do not need serious computing power, ...
      (comp.security.ssh)
    • Re: Anonymous sftp
      ... > anonymous ftp, as it was a cause of a lot of security problems. ... > Has anyone ever set up sftp to accept anonymous file transfer? ... of those mini ftp daemons set up in a chroot somewhere. ... Java users do not need serious computing power, ...
      (comp.security.unix)
    • Re: vsftpd problem
      ... > anonymous FTP? ... Or use scp or sftp, both are easier and more secure. ...
      (alt.os.linux)
    • Re: anonymous sftp connection
      ... Why bother to encrypt the communication channel if you have no ... > Many people argue that anonymous ftp does not really make sense but I ... > think most do not know about the sub-user account feature offered by ... > script file is only owner readable. ...
      (SSH)
    Loading