Re: sFTP compared with FTP via VPN

From: Colin McKinnon (colin.thisisnotmysurname_at_ntlworld.deletemeunlessURaBot.com)
Date: 04/22/04 

Date: Thu, 22 Apr 2004 20:31:53 +0100

ITguy_uk spilled the following:

> I am trying to setup a server to allow third party users to place
> files on a Solaris filesystem within a specific directory through the
> internet securely.
<snip>
>(cannot use open source solution for this although I would
> like too - long story!!!!!).
>
...and I was just about to sugest that!

> I then found the sFTP software which allows FTP functionality through
> SSH which seemed to be the solution. I have since found with testing
> that in order for sFTP to work the third party has to have SSH access
> to the server.

Several ssh servers will support (and provide) sFTP, but you can also get
standalone sFTP servers (although I only know of Free software solutions -
which you might not be interested in).

> It basically seems a bad idea to give
> users shell access when they only need to transfer files.
>
Yup, even though it should be OK with (e.g.) /bin/flase as the users shell
its still just not right.
 
> Also if anyone can suggest another solution to this
> problem I would be interested to hear of it.
>
Why not script a wee file upload in PHP and run it over https on your
webserver? It would take all of about 20 lines of code to do.
( http://www.php.net/manual/en/features.file-upload.php )

HTH

C.

Relevant Pages

  • Re: Bitvise WinSSHD, SFTP and W2K domains
    ... > Our Linux/Unix servers have slipped seamlessly over to SFTP, ... > almost exactly what we want - with one minor problem. ... > Linux's sftp and WinSCP). ... You can set permissions for sftp access via SSH hostkeys. ...
    (comp.security.ssh)
  • Re: Bitvise WinSSHD, SFTP and W2K domains
    ... > Our Linux/Unix servers have slipped seamlessly over to SFTP, ... > almost exactly what we want - with one minor problem. ... > Linux's sftp and WinSCP). ... You can set permissions for sftp access via SSH hostkeys. ...
    (comp.os.ms-windows.nt.admin.security)
  • Recommended patches broke ssh
    ... servers now cannot be logged into by ssh or sftp. ... ssl, but I'm not sure what the simplest and quickest way of fixing it is. ...
    (SunManagers)
  • Analysis of SSH crc32 compensation attack detector exploit
    ... Analysis of SSH crc32 compensation attack detector exploit ... detector vulnerability to remotely compromise a Red Hat Linux ... Active Internet connections (servers and established) ...
    (Incidents)
  • Re: Agent Forwarding Question for the list
    ... I provided a suggestion (invoking ssh with -vvv) as to how to further troubleshoot the problem. ... I was determined to ask the experts in case it was a common mistake or something that simply is not possible under openssh. ... Say in the ideal setup for development servers I'd have a cronuser, scriptuser, monitoruser, cvsuser, and root all configured with my public key and that I could jump in and out of each not only from my own Linux Desktop, but through each user to each user on other servers in the development chain. ... After reading all the documentation and FAQs I could find, I had assumed ssh-agent on the desktop and agent forwarding on the servers would be sufficient, but something is blocking the forwarding, or I'm way off and this isn't how it's meant to work. ...
    (SSH)
Quantcast