
Re: secure file transfer



I'd say that the most flexible way of doing so is probably using
freeswan, which you can find in the unstable packages.  Additionally,
you'll have to build your kernel again, and if you want to implement a
huge one you'll have to find the x.509 cert patch, but from what I hear
it's quite a flexible implementation.  I believe I'll be having a go at
implementing it soon :)

My $0.02

Michael van der Kolff
A Perfect PC
Gymea, Sydney, Australia


On Tue, 2002-06-04 at 23:58, Jon McCain wrote:
> 
> 
> > Renato Lozano wrote:
> > 
> > Hi All,
> > 
> > I am trying to implement a way of transferring files securely over the
> > Internet using sftp which is part of the ssh2 protocol.  A down side
> > of implementing this is that users logging on can browse the whole
> > filesystem.  I have done some research and found a way to chroot users
> > so they won't be able to browse the filesystem
> > (http://chrootssh.sourceforge.net/).  Can someone please suggest if
> > there are any other ways of implementing a secure file transfer
> > without patching sshd ???
> > 
> > Nato
> 
> I had the same concerns a few months back.  I wanted to use sftp but I
> disliked the fact that they can see the whole filesystem although
> debian's default permission on the important files prevents anyone from
> changing them.  I did not want to patch ssh either.  It was so complex
> and I wanted to keep to a standard ssh so as to keep up with the
> security updates to ssh.   So I used vpn and ftp. The firewall is set to
> block the ftp ports for anything from the internet.  Using vpn gives the
> user a local ip and thus allows ftp to get through plus the traffic is
> encrypted. Proftp lets you chroot the user to their home dir.
> 
> You can remove the sftp-server program to disable sftp but you can't
> turn off the scp commands.  They are part of ssh.  So someone could
> still use something like winscp and be able to browse everything.
> 
> You can "break" scp by making the user's shell a menu script (i.e.
> /usr/bin/yourmenu instead of /usr/bin/bash) so they can not get to a $
> prompt.  You also have to define your menu script as a shell
> (/etc/shell) so regular ftp will still work.
> -- 
>                ___
>               (@ @)
> ----------oOo--(_)--oOo-------------------------------------------
> Jon McCain                            Email: jmccain@davlong.com
> Sr. Programmer                        Voice: 912-355-3213
> DavLong Business Solutions              Fax: 912-355-3575
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 
> 
> 
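
Added example, not part of the original messages: a sketch of the menu login shell idea quoted above, showing why it stops scp and sftp. sshd starts remote commands as the login shell with -c "<command>", while an interactive login passes no arguments. The path /usr/bin/yourmenu comes from the thread; the menu entries and the logger tag are assumptions.

```shell
#!/bin/sh
# Constructed example of a menu login shell (installed as /usr/bin/yourmenu).
# sshd runs scp and the sftp subsystem as: <login shell> -c "<command>".
# An interactive login gets no arguments, so any argument means "remote command".

classify_invocation() {
    # Prints "menu" for an interactive login, "deny" for everything else.
    if [ "$#" -eq 0 ]; then echo menu; else echo deny; fi
}

menu_command() {
    # Map a menu choice to one fixed command; user input is never executed.
    case "$1" in
        1) echo 'ls -l' ;;
        2) echo 'du -sh' ;;
        *) return 1 ;;
    esac
}

main() {
    if [ "$(classify_invocation "$@")" = deny ]; then
        # Record the refused command so attempts show up in syslog.
        logger -t yourmenu "refused remote command for ${USER:-unknown}: $*"
        echo "This account only allows the menu." >&2
        exit 1
    fi
    cd "$HOME" || exit 1
    while :; do
        printf '1) list files  2) disk usage  q) quit\n> '
        read -r choice || exit 0
        [ "$choice" = q ] && exit 0
        if cmd=$(menu_command "$choice"); then
            $cmd .
        else
            echo "unknown choice"
        fi
    done
}

# Run only when installed under the menu name, so the functions can be sourced.
case "$0" in
    */yourmenu) main "$@" ;;
esac
```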


