[BlueOnyx:04946] Re: Secure FTP options with BX?

Christoph Schneeberger cschnee at box.telemedia.ch
Mon Jul 5 12:44:42 -05 2010


Jeff Jones wrote:
> Hey thanks for getting back, I asked this question a while ago and I think I remember you replying then also! 
>
> To me it's my biggest BX gripe - lack of secure file transfer for users built in. You have to ask yourself how much future the platform has, when you have all users sending usernames and passwords for file transfer in the clear. I will probably get flamed big time for saying that - but really, it's an instant fail for any security scan. Yes people will say 'it's free, so don't use it then' - and they are totally right.
>
> We worked out a solution in which we used a https/ssh based centralized file transfer server, and then mapped user accounts to samba shares. This sort of worked, but this file transfer server could only use one account (the account it runs under) in order to log in to smb shares on bx boxes. It means that customers could not add their own accounts via the BX GUI. So more complicated to run, but more secure than clear text FTP, with a single ingress point for all file transfers (handy for seeing aggregate usage across the entire DC on one page also).
>
> The new suPHP is the answer to our CMS nightmares, just as long as samba can force the permissions, at the moment it's not behaving.
>
> But it would be so much more elegant / simple with FTP with TLS - then I could ditch all this samba gubbins.... Give people a server and sleep easier about FTP users.
>
> I'm surprised more people aren't after this, maybe I'm just paranoid (unfortunately, so are the security audit teams!)
>
> Jeff
>
> Sent from my iPad
>
> On 5 Jul 2010, at 17:35, Ole-Bjorn Olsen <olebjorn at dataservice.no> wrote:
>
>   
>> Hi,
>>
>> If I remember right, 
>> I believe that "my" firm tried to achieve something in this direction.
>>
>> And I also believe that we gave it up :P 
>> Think we got stuck on the fact that BO runs so many scripts in the
>> background,
>> that we found it hard to work this out : /
>>
>> I guess that all I really would like to say,
>> is that we also would like to see a solution to this issue : )
>>
>> -----Original message-----
>> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On
>> behalf of Jeff Jones
>> Sent: 5 July 2010 09:43
>> To: Blueonyx at blueonyx.it
>> Subject: [BlueOnyx:04925] Secure FTP options with BX?
>>
>> Hi all,
>>
>> I wonder if I could ask an elementary question - I have searched the BX
>> forums and can't find the answer.
>>
>> What are the options for secure FTP on BX right now? I know there is a
>> (perhaps overly complicated) hack to create an SFTP jail - but I think FTP
>> but with TLS - at least to ensure that usernames / passwords are not in the
>> clear would be fine. There doesn't seem to be any TLS option on the FTP
>> service though. Another hack?
>>
>> Because a good way to hack a server is known to be the method of elevating a
>> known less privileged user account - I think it would be useful to protect
>> FTP accounts with some form of encrypted authentication.
>>
>> Cheers,
>>
>> Jeff
>>
>>
>>     

What's wrong with SFTP? Sorry if I missed the point, but on my BlueOnyx
servers SFTP works just fine. Are you trying to jail your users or to
secure a cleartext protocol?

Christoph


