Re: securing communication channel (FTP) - Need Suggestions
From: Staff Netelion (security_at_netelion.com)
Date: 06/28/05
- Previous message: techpsi_at_yahoo.com: "Re: program to store passwords"
- In reply to: Vicky Rode: "securing communication channel (FTP) - Need Suggestions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <vicky.rode@gmail.com>, <security-basics@securityfocus.com> Date: Tue, 28 Jun 2005 12:54:24 -0500
Hi:
You would take a look over scp. It can be used in
interactive/non-interactive mode to securely transfer files between hosts.
You will only need ssh.
scp sintax:
scp source destination
Suppose you need to copy foo.txt from server "cancun" to server "acapulco"
using "jsmith" user credentials (note about user credentials: if not
specified, current user credentials are used)
cancun$ scp foo.txt jsmith@acapulco:
sftp resembles closely ftp, so it works as its insecure counterpart, you
will ned ssh 2.0 at least.
if you are copying heavily ammounts of data between servers/hosts, maybe you
could try rsync, (warning: rsync is not secure by itself but can be easily
"tunneled" using ssh or stunnel).
Mysql: I have sucessfully "secured" mysql connections between two remote
servers by using stunnel, take a look at
http://www.stunnel.org/examples/mysql.html
Regards
Javier
----- Original Message -----
From: "Vicky Rode" <aptgetd@gmail.com>
To: <security-basics@securityfocus.com>
Sent: Monday, June 27, 2005 3:18 PM
Subject: securing communication channel (FTP) - Need Suggestions
> Hi,
>
> I'm looking at ways trying to secure communication channel (file
> transfer to be specific) which occurs between my master (ftp
> downloads)/slave (remote clients) FTP servers. Since this communication
> channel is in the clear which means anyone listening can acquire the
> login credentials. Not to mention man-in-the middle attack.
>
> I'm currently pondering using one of the following options and was
> wondering if anyone could provide their thoughts and feedback (pros/cons):
>
>
> (1) Secure FTP (SSL:FTPS)
>
> - Any pitfalls I need to be aware of from a setup/implementation
standpoint?
> - How would the authentication to MySQL user database work?
>
> (2) Secure HTTP (https)
>
> - Any pitfalls I need to be aware of from a setup/implementation
standpoint?
> - How would the authentication to MySQL user database work?
>
> (3) a. Scp:
> b. Sftp: Is it an interactive program? Does it provide
> non-interactive authentication?
>
>
> Any pointers will be greatly appreciated.
>
>
>
> regards,
> /vicky
>
>
>
>
>
>
- Previous message: techpsi_at_yahoo.com: "Re: program to store passwords"
- In reply to: Vicky Rode: "securing communication channel (FTP) - Need Suggestions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
