SFTP Question

Discussion in 'Installation/Configuration' started by bswinnerton, Sep 22, 2008.

  1. bswinnerton

    bswinnerton New Member

    Hi everyone,

    Due to a security risk, I always had the following SSH config disabled:

    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication no
    But the network that I have been on lately disables outbound FTP (I'm not sure if by choice, or they just don't know its blocked).

    But anyways, I was wondering if the passwords really are transmitted in cleartext like the config file says, if so what is the point of having ftp go through SSH?

    Thanks everyone
  2. falko

    falko Super Moderator ISPConfig Developer

  3. bswinnerton

    bswinnerton New Member

    Thanks Falko,

    Should I be worried having it enabled?
  4. falko

    falko Super Moderator ISPConfig Developer

    Not if you have a strong password. You can also disable root logins; that way you must log in as a normal user first and then su to root.
  5. na0lb

    na0lb New Member

    I am wanting to know if there is a way for users on my system to use ssh istead of ftp. I have had my ftp server disabled for months because i have had so many idiots trying to get into it. at one time it was getting hit from almost 50 different ip's at the same time.

    I am running ubuntu 8.04 with ispconfig and want to be able to use ispconfig for setting up the users like it does with ftp.

  6. falko

    falko Super Moderator ISPConfig Developer

  7. na0lb

    na0lb New Member

  8. na0lb

    na0lb New Member


    Can this also be used for DNS?
    I have got my DNS servers set up so they do not do recursive lookups
    but people still try, and they hit me real hard sometimes.
    The other day is I was being hit about 15 to 20 times a second from
    some russian ip's trying to use my DNS servers to hit AOL.com
    This lasted about 22 hours before they gave up.

    Also will the [apache] section cover both ispconfig and webmail?

    Last edited: Sep 25, 2008
  9. falko

    falko Super Moderator ISPConfig Developer

    You as the server admin should use SSH, but I wouldn't grant it to users. You should be fine with normal FTP and fail2ban.
  10. na0lb

    na0lb New Member

    Thank You Falco

    Fail2ban works great. just what I needed

    I still have the question about DNS server.

    In jail.conf it has this warning. what does this mean.
    I know ip's do not always come from the real source, but do not
    understand how this leads to a dos attack.
    like I said new to linux, but it seems like this filter should help stop
    dos attacks.

    # Word of Caution:
    # Given filter can lead to DoS attack against your DNS server
    # since there is no way to assure that UDP packets come from the
    # real source IP


Share This Page