ftpd-ssl woes

To: Debian Security <debian-security@lists.debian.org>
Subject: ftpd-ssl woes
From: Moses Moore <mmoore@novator.com>
Date: Fri, 22 Feb 2002 15:54:57 -0500
Message-id: <[🔎] 3C76B021.904F5B3D@novator.com>
References: <[🔎] 3C73C127.34E44B69@novator.com>

Okay, let's try another tack.

I've got a server behind a firewall that users want to transfer files
to-from.  scp isn't an option because ssh is being port-forwarded to a
machine that isn't the fileserver.  ftp would be nice, but ftp sends
passwords in cleartext.

ftpd-ssl seems to be the proper option (with the following line in
/etc/inetd.conf to make certain no cleartext passwords are sent:

ftp   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
-z secure

I've got the firewall port-forwarding ports 20,21 to the machine running
ftpd-ssl, and I can connect (and I've packetsniffed to make sure it's
encrypted) and get the MOTD.  Any time I try to do something else, like
'ls' or 'get', the session just hangs.  I've tried using passive mode
(the -p switch for the server doesn't force passive mode, even though
it's mentioned in man 8 in.ftpd for just that), and the client says
"Entering Passive Mode" and hangs just the same.

I'd like to find a way to pass files from outside the firewall to a
(specific, not "any") machine inside the firewall, that doesn't involve
sending passwords in cleartext nor ssh.

Reply to:

Follow-Ups:
- Re: ftpd-ssl woes
  - From: tony mancill <tony@mancill.com>

References:
- portsentry woes
  - From: Moses Moore <mmoore@novator.com>

Prev by Date: RE: PPPoverEthernet vs. PPPoverATM
Next by Date: Re: ftpd-ssl woes
Previous by thread: portsentry woes
Next by thread: Re: ftpd-ssl woes
Index(es):
- Date
- Thread