Board index Linux Security

FTP server

FTP server

Post by Kevin Clar » Tue, 20 Jun 2000 04:00:00



Hi,

I just set up a ftp server.  I am using proftpd.  Just wondering about
the anonymous ftp user "ftp".  What is the defualt password for this
"user" and how do i change it, or is there a password.  I made a
direcory ftp in /home while logged in as root.  The group and owner are
therefore root, should I change this to the user "ftp" and group "ftp".
I hope my ramblings are understandable.

Thanks

Kevin

P.S.  Any security concerns with proftpd?  I did a little investigation
and didn't find any thing major.

Thanks again

 
 
 
Top

FTP server

Post by <bg.. » Tue, 20 Jun 2000 04:00:00



> I just set up a ftp server.  I am using proftpd.  Just wondering about
> the anonymous ftp user "ftp".  What is the defualt password for this
> "user" and how do i change it, or is there a password.  I made a
> direcory ftp in /home while logged in as root.  The group and owner are
> therefore root, should I change this to the user "ftp" and group "ftp".
> I hope my ramblings are understandable.

User "ftp" should have a * or other impossible string in its passwd entry.
Anonymous ftp users are expected to send
        USER anonymous

and be granted or denied access on criteria other than the password.

User "ftp" should not own any files whatsoever, except for anonymous
uploads (if you allow such). It should not have write access to any
files or directories, again except for the upload area.

Quote:> P.S.  Any security concerns with proftpd?  I did a little investigation
> and didn't find any thing major.

As with all ftp servers, passwords are transmitted in the clear.

Also, the server needs to bind to port 20 on every file transfer.
It must retain root privilege (or capability CAP_NET_BIND_SERVICE)
in order to do that. (Note: some ftp servers, notably publicfile,
violate the port-20 rule for the sake of greater security. I don't
know whether ProFTPD can be made to do this through configuration file
directives.)

 
 
 
Top

1. FTP server behind on firewall FTP client behind another

I have a Windows-based FTP server (G6) behind a linux firewall box
running ipchain and ipmasqadm portfw rules to enable communication
with the out side world. I can connect to this server from the
outside, but PASV doesn't work. I have rules that allow ports above
1023 for the PASV traffic and I also had put the FTP server on a
haigher port other than 21.  I portfw'd the same port through to the
internal Windows machine running the ftp server as well as forwarding
the ftp-data. I have the ip_masq_ftp module loaded. I'm not sure why
PASV doesn't work.

Also, the other thing I'm trying to get working is communicating with
this same FTP server from a client within another linux-firewalled
(also using ipchains and portfw rules) LAN. I can connect, but can't
get any data transfers going, including directory listings, using
either PASV or regular FTP. I'm not sure if I should be forwarding
ftp-data to the internal machine running the ftp client.

What I ultimately want to do is be able to connect from a client
within on linux firewalled LAN to an ftp server inside another linux
firewalled LAN on a non-standard port and using PASV if possible. Any
help would be appreciated.

2. Limiting number of apache processes?

3. ftp server iptables rules for passive ftp

4. telnet

5. Which ftp server wu-ftp or proftpd?

6. 5.25" 360K Drive Problems

7. ftp server ftp.double-barrel.be is down

8. script for rlogin or telnet

9. Fast FTP Client-Slow FTP Server

10. Can't FTP to my FTP server from outside

11. help: running ftp server with wu-ftp

12. How to set up ftp-proxy for connexions to a NATed FTP server on OBSD 2.9 ?


All times are UTC
Board index