#1  
22nd September 2008, 01:44
bswinnerton
SFTP Question

Hi everyone,

Due to a security risk, I always had the following SSH config disabled:

Code:
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

But the network that I have been on lately disables outbound FTP (I'm not sure if by choice, or they just don't know it's blocked).

But anyways, I was wondering if the passwords really are transmitted in cleartext like the config file says. If so, what is the point of having FTP go through SSH?

Thanks everyone
  #2  
22nd September 2008, 13:48
falko

With SSH, the passwords are always sent encrypted.
The directive controls whether password authentication is allowed or not. See http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5
  #3  
22nd September 2008, 15:14
bswinnerton

Thanks Falko,

Should I be worried having it enabled?
  #4  
23rd September 2008, 21:03
falko

Not if you have a strong password. You can also disable root logins; that way you must log in as a normal user first and then su to root.
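The two settings discussed in the replies above (PasswordAuthentication and root logins) can be checked in a config file as follows. This is an added example, not code from the thread or from OpenSSH; the function names and the sample file are constructed for illustration, and the defaults are assumed from current OpenSSH releases.

```python
# Defaults assumed from current OpenSSH; older releases defaulted
# PermitRootLogin to "yes", so check sshd_config(5) on the server itself.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def effective_settings(config_text):
    """Values sshd would use from the global section for the keys in DEFAULTS.

    Rules applied: keywords are case-insensitive, lines starting with '#'
    are comments, and for each keyword the first value obtained wins.
    """
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks start here; they are not evaluated
        if keyword in DEFAULTS and len(parts) > 1 and keyword not in seen:
            seen[keyword] = parts[1].lower()
    return {**DEFAULTS, **seen}

def findings(config_text):
    """Flag the two settings discussed in the thread."""
    eff = effective_settings(config_text)
    notes = []
    if eff["passwordauthentication"] == "yes":
        notes.append("password logins allowed: every account needs a strong password")
    if eff["permitrootlogin"] == "yes":
        notes.append("direct root logins allowed: set PermitRootLogin no and su from a normal user")
    return notes

# Constructed sample file; the first two lines are the ones quoted in the thread.
SAMPLE = """\
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
permitrootlogin yes
PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(effective_settings(SAMPLE))
    for note in findings(SAMPLE):
        print("-", note)
```

On a live server, `sshd -T` prints the configuration sshd actually resolves, including Match blocks, which this sketch does not evaluate.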
  #5  
24th September 2008, 16:28
na0lb

I am wanting to know if there is a way for users on my system to use SSH instead of FTP. I have had my FTP server disabled for months because I have had so many idiots trying to get into it. At one time it was getting hit from almost 50 different IPs at the same time.

I am running Ubuntu 8.04 with ISPConfig and want to be able to use ISPConfig for setting up the users like it does with FTP.

lee
  #6  
25th September 2008, 16:03
falko

You can enable shell access for a web site, but keep in mind that this is a big security risk.

To protect your FTP server, you can install fail2ban: http://www.howtoforge.com/fail2ban_debian_etch
  #7  
25th September 2008, 20:23
na0lb

Thank You Falko

This seems to be what I am looking for.

However I am confused, I am new to Linux and have been told locally to use SSH, so I have been reading this thread, chrooted ssh:
http://www.howtoforge.com/forums/sho...t=14661&page=1

What is the better choice?

Lee
  #8  
25th September 2008, 21:15
na0lb

Falko

Can this also be used for DNS?
I have got my DNS servers set up so they do not do recursive lookups, but people still try, and they hit me real hard sometimes.
The other day I was being hit about 15 to 20 times a second from some Russian IPs trying to use my DNS servers to hit AOL.com.
This lasted about 22 hours before they gave up.

Also, will the [apache] section cover both ISPConfig and webmail?

Lee

Last edited by na0lb; 25th September 2008 at 21:21.
  #9  
26th September 2008, 16:55
falko

Quote:
Originally Posted by na0lb
> Thank You Falko
>
> This seems to be what I am looking for.
>
> However I am confused, I am new to Linux and have been told locally to use SSH, so I have been reading this thread, chrooted ssh:
> http://www.howtoforge.com/forums/sho...t=14661&page=1
>
> What is the better choice?
>
> Lee

You as the server admin should use SSH, but I wouldn't grant it to users. You should be fine with normal FTP and fail2ban.
  #10  
28th September 2008, 05:44
na0lb

Thank You Falko

Fail2ban works great. Just what I needed.

I still have the question about DNS server.

In jail.conf it has this warning. What does this mean?
I know IPs do not always come from the real source, but do not understand how this leads to a DoS attack.
Like I said, new to Linux, but it seems like this filter should help stop DoS attacks.

# Word of Caution:
# Given filter can lead to DoS attack against your DNS server
# since there is no way to assure that UDP packets come from the
# real source IP

Lee
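The jail.conf warning quoted in the last post can be seen in a small model of a maxretry/findtime jail run over refused-query log lines. This is an added example, not code from the thread or from fail2ban; the log format, the regex, the function name and all addresses are constructed for illustration, while maxretry, findtime and ignoreip are the fail2ban option names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Simplified stand-in for a "query denied" filter; not fail2ban's own regex.
DENIED = re.compile(r"^(\S+ \S+) client ([\d.]+)#\d+: query .* denied$")

def banned_hosts(lines, maxretry=3, findtime=60, ignoreip=()):
    """Return the source addresses a maxretry/findtime jail would ban."""
    allow = [ip_network(n) for n in ignoreip]
    window = timedelta(seconds=findtime)
    hits, banned = defaultdict(deque), set()
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src = ip_address(m.group(2))
        if any(src in net for net in allow):
            continue  # trusted address: never banned, whatever the log claims
        q = hits[src]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # drop hits that fell out of the findtime window
        if len(q) >= maxretry:
            banned.add(str(src))
    return banned

# Constructed sample log. 192.0.2.53 stands for a legitimate client whose
# address appears as the UDP source of refused queries it never sent; the
# server logs those exactly like queries that really came from that address.
LOG = [f"2008-09-25 {t} client {ip}#4312: query (cache) 'aol.com/A/IN' denied"
       for t, ip in [
           ("10:00:01", "198.51.100.9"), ("10:00:02", "198.51.100.9"),
           ("10:00:03", "198.51.100.9"),
           ("10:00:04", "192.0.2.53"), ("10:00:05", "192.0.2.53"),
           ("10:00:06", "192.0.2.53"),
           ("10:00:07", "203.0.113.20"), ("10:00:30", "203.0.113.20"),
           ("10:05:00", "203.0.113.20"),
       ]]

if __name__ == "__main__":
    print(sorted(banned_hosts(LOG)))
    print(sorted(banned_hosts(LOG, ignoreip=["192.0.2.53"])))
```

Without an ignoreip entry the legitimate client ends up in the ban list alongside the real offender, which is the denial of service the warning describes; listing addresses that must always be served in ignoreip keeps them reachable.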