Tunneling FTP over SSH
FTP operates over a control channel (often port 21) and a data channel (often
port 20). In normal operation both of these channels are unencrypted. The control channel sends the login
and password in plain text. The data channel is also passed unprotected. Both leave you open to sniffing and
packet capture. If your ftpd also runs in passive mode, you may also be susceptible to connection theft.

There are a few solutions. Some secure ftp programs do the
encryption for you, and some help tunnel over ssh. What you'll find when you look into most of these is that
they only handle the control channel. Some may think this is sufficient, but it isn't. Even
though you are covering the password, etc., you are missing the data channel. The data channel also sends the
directory and file listings.

FTP is a little more difficult to tunnel because of the dual port issue. If it were just the two ports, it would
be easy, but FTP operates in a rather strange manner. Instead of transferring all files over one connection,
it opens a new connection for each file. This makes it difficult to tunnel the data channel. But it is not impossible,
and there are a number of ways to accomplish this:

scp - Secure copy. This is our recommended choice due to ease of scripting, etc. It comes with the ssh bundle and takes advantage
of the SSH encryption to copy files from one system to another. If you need a Windows version to connect from a Windows client,
try: http://www.utu.net/ohjeet/ssh_for_windows.html

SFTP2 - If you have the full ssh implementation you should also have a file called SFTP2. This is a command line client to secure
ftp over ssh.

http://www.xbill.org/sftp/ - sftp is an ftp replacement that runs over an ssh tunnel. Both a client and
a server are included. You must use the special client; a GUI version is available.

http://www.cs.berkeley.edu/~smcpeak/SafeTP/ - One of the more popular ones. It does not exactly tunnel; instead it
encrypts both the command and data channels. It has its own client to handle port redirects, and can then work with
any standard ftp client program.
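
The control-channel-only gap and the one-connection-per-transfer behaviour described above can be checked from a control-channel log. The following is an added example, not code from the original page: it parses the standard `PORT` command and `227` passive reply and lists the data endpoints that a tunnel forwarding only the control port would not carry. The transcript, addresses, and the `FORWARDED` set are constructed assumptions.

```python
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2 appear both in the client's
# "PORT" command (active mode) and in the server's "227" reply (passive mode).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoints(transcript):
    """Return (mode, host, port) for each data connection negotiated in the transcript."""
    found = []
    for line in transcript.splitlines():
        line = line.strip()
        if line.upper().startswith("PORT "):
            mode = "active"
        elif line.startswith("227"):
            mode = "passive"
        else:
            continue
        match = HOSTPORT.search(line)
        if not match:
            continue
        nums = [int(n) for n in match.groups()]
        if max(nums) > 255:
            continue  # not a valid address/port encoding
        host = ".".join(str(n) for n in nums[:4])
        found.append((mode, host, nums[4] * 256 + nums[5]))  # port = p1*256 + p2
    return found

def uncovered(transcript, forwarded):
    """Data endpoints that are not among the (host, port) pairs the tunnel forwards."""
    return [e for e in data_endpoints(transcript) if (e[1], e[2]) not in forwarded]

# Constructed control-channel session (documentation addresses, not real hosts).
SAMPLE = """\
USER alice
331 Password required
PASV
227 Entering Passive Mode (192,0,2,10,195,80)
LIST
PASV
227 Entering Passive Mode (192,0,2,10,195,81)
RETR report.txt
PORT 198,51,100,7,4,1
STOR notes.txt
"""
FORWARDED = {("192.0.2.10", 21)}  # assumption: the tunnel forwards only the control port

if __name__ == "__main__":
    for mode, host, port in uncovered(SAMPLE, FORWARDED):
        print(f"{mode:7} data connection to {host}:{port} is outside the tunnel")
```

Every listing and file transfer in the sample negotiates a different endpoint, so none of the three data connections falls inside the forwarded pair.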

Securing ftp is a must. Unfortunately, none of the above solutions will easily work in an anonymous fashion. If you
run an anonymous ftp, the best you can do is to secure the daemon and the box as tightly as possible. In a secure setup it is not
recommended that you offer anonymous ftp. If you must offer it, run it on an isolated box where it is the
only listening service.