LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] wu-ftpd

[ILUG] wu-ftpd

Rick Moen rick at linuxmafia.com
Thu Jan 17 18:52:55 GMT 2002 

Quoting John McDonnell (ilug_spamtrap at johnmc.org):

> Surely this holds true for all implementations of FTP...

Other than anonymous.

> ...and Telnet for that matter.

Don't forget POP3.

There _are_ some creative solutions that I've tried.  Consider:

1.  Users have ~/ftp directories.  /home filesystem has disk quotas.
2.  I modify and recompile an ftpd to use authentication database
    /etc/insecure/passwd .  I do the same for a pop3d.  Run the 
    ftpd to chroot to ~/ftp .
3.  I populate /etc/insecure/passwd with the requisite lines for 
    my local UIDs, using hashes of really _bad_ passwords (like
    "password").
4.  Notify users that they can now POP their mail and ftp files
    in and out of their ~/ftp directories using their usual 
    usernames but password (e.g.) "password".

This allows people to use two of the three popular plaintext-
authentication protocols with minimal disruption and without
compromising system security.

> Personal recommendation, OpenSSH with SCP and use SCP/SSH clients.
> Putty and WinSCP work on windows and Nifty Telnet + SSH works on Mac.

Welcome to the party.  ;->

See the top of http://linuxmafia.com/pub/linux/security/ftp-daemons
Comprehensive list of SSH software that I've maintained for years:
http://linuxmafia.com/pub/linux/security/ssh-clients

And don't forget that SSH is only as secure as the machines on _both
ends_, and that this is true regardless of whether you use password,
RSA, or DSA authentication.  If you SSH from a compromised host into
your otherwise secure machine, you've given the bad guys all they need
to "own" your box.  The tools to do this are now widespread and
automated.         
                                                                                
Thus substituting ssh client/daemon pairs for telnet/ftp is worthwhile,
but only because it eliminates that plaintext transmission mode for
shell passwords.  Anyone who thinks of SSH as "secure login" without
drastically qualifying the concept is kidding himself.  

-- 
"Is it not the beauty of an asynchronous form of discussion that one can go and 
make cups of tea, floss the cat, fluff the geraniums, open the kitchen window 
and scream out it with operatic force, volume, and decorum, and then return to 
the vexed glowing letters calmer of mind and soul?" -- The Cube, forum3000.org

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell