[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: secure ftp

Configuring SSH is not difficult.  The configuration need only be
done on the server to determine the authentication method(s) of choice
and a few other parameters.  The clients will negotiate with the server
to determine what is allowed.  I would forgo the RSA key authentication
and just use simple password authentication with SSH in your situation
as the users would already understand that concept.

Second, to keep things simple, I would urge you to consider the "MindTerm"
Java based SSH client for the users.  You can install either the "official"
ssh V1 or the openssh on the server.  The MindTerm applet exists in a web
page on the server.  They just browse the page, get the applet, and in the
Java parameters of the page you can even automate the forewarding of the
ftp chanels for the users.  The MindTerm thing gives them a color vt100
terminal right there on the page or as a separate browser window, and they
can use their normal ftp client, pointed at the localhost and forewarding
port, much like a simple proxy configuration.

This may work for you.  To obtain MindTerm, go to www.freshmeat.net and
search for either MindTerm or MindBrite.  One is the company name, the other
is the product I think.  This appears to be an open source licensce arrangement
from what I can tell.

They have a couple demo web pages as well so you can see how to enocde the
html for it.  I've used this successfully to provide myself "anywhere" access
back into my network as I then only require internet access and a java enabled
browser, which pretty much means most computers in the US will do!

On Sun, Mar 12, 2000 at 09:41:50PM -0600, Chad W. Skinner wrote:
> This is pretty much what I would like to find out how to do. You see I am
> trying to figure out how to encrypt the passwords being sent via ftp, but
> really don't care about the data as it will be mostly publicly available
> webpages, but I want to reduce the risk of compromising passwords via
> sniffing.
> Do you know if configuring ssh is difficult? I've been reading about the
> configuration and installation process, but have yet to try it. Also, how
> hard is it to get ssh to forward a port on the server and am I correct in
> thinking that I would only have to forward the ftp port and not ftp-data
> since the data does not need encrypted?
> > ... However, it does  have scp which will allow you to
> > copy files, but I don't know how handy this is compared to
> > an ftp type interface since I've never tried it.
> I know this seems odd, but most of the users I will be dealing with are
> windows only and are just getting familiar with computers. What I was
> thinking is that I could make a handout on configuring ttssh to encrypt and
> forward ftp connections to another port on the server and therefore allow
> secure connections from outside our firewall. This would also allow the
> users to use any graphical ftp program with which they are already familiar.
> Anyone have any suggestions.
> Thanks,
> Chad
> -- 
> To unsubscribe: mail redhat-list-request redhat com with "unsubscribe"
> as the Subject.

J. Scott Kasten

jsk AT tetracon-eng DOT net

"That wasn't an attack.  It was preemptive retaliation!"

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]