LINUX.IE, website of the Irish Linux Users' Group
[ILUG] Windows SCP/SFTP

Rick Moen rick at linuxmafia.com
Fri Feb 22 03:09:14 GMT 2002


Quoting John Moylan (moylanj at rte.ie):

> I have just spent the best part of a day hardening a Linux box that
> will be used as an SFTP or an SCP server to replace notoriously
> insecure FTP. I now have one small problem though. Any of the free
> Windows clients that I have tested are crud. 

Actually, if you think that just replacing ftp with scp or sftp
constitutes a significant security improvement, then you now 
have _two_ problems.  ;->  It might have been smarter to just chroot
people ftp'ing in non-anonymously to a subdirectory of their home
directories, and recompiling an ftp daemon to use a different
authentication database from the one that holds shell-login passwords.
That way, sure people's ftp logins are sniffable, but you don't expose
any shell passwords thereby.

As it is, you'll have people using their shell passwords inside Win32
sftp or scp client software, or storing private RSA or DSA keys on their
Win32 boxes.  Where, of course, they're extremely stealable.  And you're
probably allowing those users to set their passwords to the same pet
names or other dictionary words they use everywhere else on Earth.  Once
those passwords get sniffed or cracked elsewhere, the bad guys will
simply follow the users into your hardened Linux box, crack root, set 
up a rootkit, and all of that.

Encryption isn't, and never will be, magic security pixie dust.  If you
want people to be able to do dumb things like scp/sftp into "secure" 
*ix boxes from Win32, better look into OPIE at the very least.

-- 
This message falsely claims to have been scanned for viruses with F-Secure
Anti-Virus for Microsoft Exchange and to have been found clean.