Secure FTP via SSH Tunnel

Warren Togami warren at togami.com
Sun Jun 24 15:05:10 PDT 2001


http://www.linuxsecurity.com/articles/cryptography_article-3210.html
(Note: This article talks both about traditional FTP through an encrypted
SSH tunnel, and SFTP, a better protocol that works with SSH v2.  Everyone
should learn about SSH, and SCP and SFTP because telnet and FTP are UNSAFE
to use.)

"This article will point out the differences between standard FTP and secure
FTP using some real-world examples. Secure FTP solves the password security
and port control problems by allowing the entire connection to take place
through a single tunneled SSH connection. If you're a firewall administrator
(and most of us have learned to adopt this title in one form or another),
your firewall rules just got easier. Now you can safely block your FTP ports
access to the outside world - primarily the FTP default port, 21.
The Secure FTP server has to be running OpenSSH, which accepts ssh1 and
ssh2, and also needs to be running ftpd, the "normal" FTP daemon (more on
this later). The Secure FTP client calls to the Secure FTP server on its SSH
port. The server then connects internally to port 21, the FTP port, and
tunnels the FTP data back across the SSH port to the client. To ensure the
server is totally secure, you need to firewall off port 21 from outside
access, only allowing the local host to connect to port 21. This is
accomplished by either ipfw (firewalling) or tcpwrappers (under Unix, the
hosts.allow file)."
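
The tcpwrappers step quoted above, as an added example that is not part of the original post or the linked article: a simplified evaluator for the hosts.allow / hosts.deny lookup order, showing that an allow rule for localhost restricts nothing until a matching deny rule exists. The daemon name `ftpd`, the sample file contents and the outside address are constructed assumptions.

```python
# Simplified TCP Wrappers evaluator (added example; subset of hosts_access(5)).
# Supported: "daemon_list : client_list" rules, the ALL wildcard, exact
# addresses and trailing-dot prefixes such as "192.168.". Not supported:
# EXCEPT, LOCAL, netmasks, host names, IPv6, shell-command options.

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        fields = line.split(":")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # address prefix, e.g. "10.0.0."
        return value.startswith(pattern)
    return pattern == value

def _hit(rules, daemon, client):
    return any(
        any(_match(d, daemon) for d in daemons)
        and any(_match(c, client) for c in clients)
        for daemons, clients in rules
    )

def is_allowed(allow_text, deny_text, daemon, client):
    """hosts.allow match grants; else hosts.deny match refuses; else grant."""
    if _hit(parse_rules(allow_text), daemon, client):
        return True
    if _hit(parse_rules(deny_text), daemon, client):
        return False
    return True

# Constructed sample files; "ftpd" as the daemon process name is an assumption.
ALLOW = "ftpd : 127.0.0.1\nsshd : ALL\n"
DENY_EMPTY = ""
DENY_FTP = "ftpd : ALL\n"
OUTSIDE = "203.0.113.7"  # documentation-range address standing in for a remote host

if __name__ == "__main__":
    for label, deny in (("allow only", DENY_EMPTY), ("allow + deny", DENY_FTP)):
        for client in ("127.0.0.1", OUTSIDE):
            print(label, client, is_allowed(ALLOW, deny, "ftpd", client))
```

With only the allow rule in place the outside client is still granted access, because an unmatched connection falls through to the default grant; the deny rule is what closes port 21 to everything but the tunnel endpoint.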
