Password Encryption for FTP

Password Encryption for FTP

Post by Marion Goldstei » Wed, 22 Mar 2000 04:00:00



I'm trying to set up a reasonably secure network using FreeBSD. I've
been able to use OpenSSH to secure the password transmission for
telnet sessions. I'm looking for ways to avoid sending unencrypted
passwords for POP and FTP services. These two seem to be a bit harder
to find any information regarding the securing of passwords. Does
anyone have any suggestions or URL pointers to either soltware or just
methods to secure the password transmission for these services? My
server is part of a cluster at an IPP and open to the internet, so I
know that I am in an environment where sniffers, etc are going to be a
possible problem. Any suggestions will be appreciated

Marion

______________________________________________________________
Posted via Uncensored-News.Com, http://www.uncensored-news.com
    Only $8.95 A Month, - The Worlds Uncensored News Source

 
 
 

Password Encryption for FTP

Post by B. Carlso » Wed, 22 Mar 2000 04:00:00


Personally I would install SSH1 or SSH2, put something in rc.local to
start it up
at boot time and shut off the telnet dameon all together.  I've been using
ssh for
years now and haven't had a problem with a compromised box because of it
yet.

I've heard of encrypted ftp sessions, which would be very nice, but I
don't where
to find more information about it.

B. Carlson


> I'm trying to set up a reasonably secure network using FreeBSD. I've
> been able to use OpenSSH to secure the password transmission for
> telnet sessions. I'm looking for ways to avoid sending unencrypted
> passwords for POP and FTP services. These two seem to be a bit harder
> to find any information regarding the securing of passwords. Does
> anyone have any suggestions or URL pointers to either soltware or just
> methods to secure the password transmission for these services? My
> server is part of a cluster at an IPP and open to the internet, so I
> know that I am in an environment where sniffers, etc are going to be a
> possible problem. Any suggestions will be appreciated

> Marion

> ______________________________________________________________
> Posted via Uncensored-News.Com, http://www.uncensored-news.com
>     Only $8.95 A Month, - The Worlds Uncensored News Source


 
 
 

Password Encryption for FTP

Post by Timothy J. L » Wed, 22 Mar 2000 04:00:00


|I'm trying to set up a reasonably secure network using FreeBSD. I've
|been able to use OpenSSH to secure the password transmission for
|telnet sessions. I'm looking for ways to avoid sending unencrypted
|passwords for POP and FTP services. These two seem to be a bit harder
|to find any information regarding the securing of passwords. Does
|anyone have any suggestions or URL pointers to either soltware or just
|methods to secure the password transmission for these services? My

With POP, you can use an SSL wrapper (sslwrap, stunnel, sslproxy, etc.)
that uses OpenSSL.  This is probably easier for the users than the ssh
port forwarding method, since many POP mail clients can do SSL.

For ftp, there is scp in ssh as a substitute.

--
------------------------------------------------------------------------

Unsolicited bulk or commercial email is not welcome.             netcom.com
No warranty of any kind is provided with this message.

 
 
 

Password Encryption for FTP

Post by Marion Goldstei » Wed, 22 Mar 2000 04:00:00


That's what I have done. It works very well. I just can't find a
secure ftp.



Quote:>Xref: news-feed.riddles.org.uk comp.unix.bsd.freebsd.misc:34213
>Xref: sn-xit-02 comp.unix.bsd.freebsd.misc:119894

>Personally I would install SSH1 or SSH2, put something in rc.local to
>start it up
>at boot time and shut off the telnet dameon all together.  I've been using
>ssh for
>years now and haven't had a problem with a compromised box because of it
>yet.

>I've heard of encrypted ftp sessions, which would be very nice, but I
>don't where
>to find more information about it.

______________________________________________________________
Posted via Uncensored-News.Com, http://www.uncensored-news.com
    Only $8.95 A Month, - The Worlds Uncensored News Source
 
 
 

Password Encryption for FTP

Post by Marion Goldstei » Wed, 22 Mar 2000 04:00:00


I know about scp, but most of the users on the network will be using
windows, and are only able to use windows style ftp clients like wsftp
or bulletproof. Do you know of any type of windows front end to scp?



>For ftp, there is scp in ssh as a substitute.

______________________________________________________________
Posted via Uncensored-News.Com, http://www.uncensored-news.com
    Only $8.95 A Month, - The Worlds Uncensored News Source
 
 
 

Password Encryption for FTP

Post by Michael Zawrot » Thu, 23 Mar 2000 04:00:00



> That's what I have done. It works very well. I just can't find a
> secure ftp.



> >I've heard of encrypted ftp sessions, which would be very nice, but I
> >don't where
> >to find more information about it.

The source tarball that I have for ssh-2.0.13 has both a client and server
for "sftp".  That can handle any of your *nix clients.  As far as the
win* people, take a look at http://www.datafellows.com.  I think that
F-Secure (used to be Datafellows) is the the company formed by the original
ssh people when they decided to go commercial.

Hope this helps.

Mike

--
Michael Zawrotny
411 Molecular Biophysics Building

Tallahassee, FL 32306-4380              | phone:  (850) 644-0069

 
 
 

1. FTP / SFTP automation tool with password encryption/decryption built-in

If you are working in a data center enviornment, you probably have
already encountered the issue of how to make FTP or SFTP file
transfermation jobs automated: due to security reason, your security
people do not let you to use .netrc or put clear password in
unencrypted scripts, and although they like you to use sftp for
automated file transfer but do not want you to enjoy the freedom of
logon to the server through ssh. So do you have a solution?

WZIS developed the tools to solve the problem, at least for some
commercial banks.
The packages are called AutoFTP and AutoSFTP. You can download them
and have a try: http://wzce.tripod.com/

2. Shared objects and productization

3. Encryption/Decryption of UNIX password

4. Cladera Open Linux 2.3 Rogers@Home Toronto

5. Password Encryption

6. Redhat 5.2 custom boot diskette failure

7. Password encryption in Ultrix enhanced security

8. Linux 2.x and Adaptec 1740 SCSI

9. How to set SPARC solaris 8 password database as DES encryption?

10. Password/Login encryption code?

11. password encryption using crypt()

12. Connect Samba Server without disable password encryption in Win98

13. Unix password encryption again