Secure FTP

Secure FTP

[John J. Boyer]

Hello,
Thanks to all the people the other day who told me how to get ssh working. 
That's fine now. The next thing is  to do secure ftp. I looked at scp, but 
it doesn't seem very interactive, or there are so many options that I 
can't see how it is normally used. This is a common failing of man and 
even info pages.
Thanks.
John


-- 
Computers to Help People, Inc.
http://www.chpi.org
825 East Johnson; Madison, WI 53703

Re: Secure FTP

[Janina Sajka]

John:

scp is great only if you know a filemask for the files you want. It's not 
so hot if you need to specify a lot of files.

sftp, on the other hand, is a bit better, but still not at the level of 
something like ncftp, which I swear by.

So, I just use ncftp, because it works well, and I guess I takes my 
chances on the security part.

Of course, if I know the file I want (which happens often, very often), I 
do use scp.

PS: Take a look at the man page for ssh-agent. I just discovered this 
little gem yesterday. Very helpful.

On Fri, 16 Aug 2002, John J. Boyer wrote:

> Hello,
> Thanks to all the people the other day who told me how to get ssh working. 
> That's fine now. The next thing is  to do secure ftp. I looked at scp, but 
> it doesn't seem very interactive, or there are so many options that I 
> can't see how it is normally used. This is a common failing of man and 
> even info pages.
> Thanks.
> John
> 
> 
> 

-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina@afb.net		Phone: (202) 408-8175

Chair, Accessibility SIG
Open Electronic Book Forum (OEBF)
http://www.openebook.org

Re: Secure FTP

[Rafael Skodlar,,,]

You don't need to use scp in order to move large number of files between
the systems based on some file name pattern. That could be done
elegantly with ssh and rsync.

I use the following segment in backup script to archive files on
remote server with tape drive

tar cvf - /somedir | ssh tapeserver dd of=/dev/nst0 bs=10240 > /tmp/sys.backup 2>&1

and the following to backup files from server in DMZ to server behind
the firewall:

rsync -arz -v -e ssh admin@webserver.mydomain.com:/export/home /home/backup

ssh-agent and other techniques can be used to automaticaly execute
scripts without interaction with the password.

The advantage of the above method over sftp is that port 22 for ssh is
more likely to b open than 115 for sftp. I don't want to open another
hole in the firewall just to enable what's already there for other
critical communications.

-- 
Rafael

On Fri, Aug 16, 2002 at 06:37:54PM -0400, Janina Sajka wrote:
> John:
> 
> scp is great only if you know a filemask for the files you want. It's not 
> so hot if you need to specify a lot of files.
> 
> sftp, on the other hand, is a bit better, but still not at the level of 
> something like ncftp, which I swear by.
> 
> So, I just use ncftp, because it works well, and I guess I takes my 
> chances on the security part.
> 
> Of course, if I know the file I want (which happens often, very often), I 
> do use scp.
> 
> PS: Take a look at the man page for ssh-agent. I just discovered this 
> little gem yesterday. Very helpful.
> 
> On Fri, 16 Aug 2002, John J. Boyer wrote:
> 
> > Hello,
> > Thanks to all the people the other day who told me how to get ssh working. 
> > That's fine now. The next thing is  to do secure ftp. I looked at scp, but 
> > it doesn't seem very interactive, or there are so many options that I 
> > can't see how it is normally used. This is a common failing of man and 
> > even info pages.
> > Thanks.
> > John
> > 
> > 
> > 
> 
> -- 
> 	
> 				Janina Sajka, Director
> 				Technology Research and Development
> 				Governmental Relations Group
> 				American Foundation for the Blind (AFB)
> 
> Email: janina@afb.net		Phone: (202) 408-8175
> 
> Chair, Accessibility SIG
> Open Electronic Book Forum (OEBF)
> http://www.openebook.org

Re: Secure FTP

[Thomas Stivers]

You might check out lftp. It's fish protocol works over an ssh connection.
Rsync is still the way to go for backups and the like though.
--
There are 10 kinds of people in the world; those who understand binary,
and those who don't.
Thomas Stivers
stivers_t@ev1.net
http://stivers-home.dyndns.org
----- Original Message -----
From: "Janina Sajka" <janina@afb.net>
To: <blinux-list@redhat.com>
Sent: Friday, August 16, 2002 5:37 PM
Subject: Re: Secure FTP


> John:
>
> scp is great only if you know a filemask for the files you want. It's
not
> so hot if you need to specify a lot of files.
>
> sftp, on the other hand, is a bit better, but still not at the level of
> something like ncftp, which I swear by.
>
> So, I just use ncftp, because it works well, and I guess I takes my
> chances on the security part.
>
> Of course, if I know the file I want (which happens often, very often),
I
> do use scp.
>
> PS: Take a look at the man page for ssh-agent. I just discovered this
> little gem yesterday. Very helpful.
>
> On Fri, 16 Aug 2002, John J. Boyer wrote:
>
> > Hello,
> > Thanks to all the people the other day who told me how to get ssh
working.
> > That's fine now. The next thing is  to do secure ftp. I looked at scp,
but
> > it doesn't seem very interactive, or there are so many options that I
> > can't see how it is normally used. This is a common failing of man and
> > even info pages.
> > Thanks.
> > John
> >
> >
> >
>
> --
>
> Janina Sajka, Director
> Technology Research and Development
> Governmental Relations Group
> American Foundation for the Blind (AFB)
>
> Email: janina@afb.net Phone: (202) 408-8175
>
> Chair, Accessibility SIG
> Open Electronic Book Forum (OEBF)
> http://www.openebook.org
>
>
>
> _______________________________________________
> Blinux-list mailing list
> Blinux-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/blinux-list
>

Re: Secure FTP

[John]

scp is actually quite simple for most purposes. This command
scp gw:/etc/passwd /tmp
will copy the passwd file from my computer to the /tmp directory on my 
computer.

You can, of course, copy from your computer to a remote one:
scp my-delights gw:/tmp

You can also use wildcards in the usually Linux manner:
scp gw:/var/ftp/pub/* /tmp
and the most likely switches are
 -r for recursion
 -q to turn off the progress meter
 -p to preserve permissions, timestamps etc.
 -C to turn on compression, you would want this if there's a modem or other 
slow network between you and the remore computer.

If ssh is configured to work without password prompts, then scp will too.


On Saturday 17 August 2002 05:29, John J. Boyer wrote:
> Thanks to all the people the other day who told me how to get ssh working. 
> That's fine now. The next thing is  to do secure ftp. I looked at scp, but 
> it doesn't seem very interactive, or there are so many options that I 
> can't see how it is normally used. This is a common failing of man and 
> even info pages.
> 

-- 


Cheers
John.

Please, no off-list mail. You will fall foul of my spam treatment.
Join the "Linux Support by Small Businesses" list at 
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb

Re: Secure FTP

[Luke Davis]

As I said, try sftp.  It fits the exact description of what you are
asking.


On Sun, 18 Aug 2002, John wrote:

> scp is actually quite simple for most purposes. This command
> scp gw:/etc/passwd /tmp
> will copy the passwd file from my computer to the /tmp directory on my
> computer.
>
> You can, of course, copy from your computer to a remote one:
> scp my-delights gw:/tmp
>
> You can also use wildcards in the usually Linux manner:
> scp gw:/var/ftp/pub/* /tmp
> and the most likely switches are
>  -r for recursion
>  -q to turn off the progress meter
>  -p to preserve permissions, timestamps etc.
>  -C to turn on compression, you would want this if there's a modem or other
> slow network between you and the remore computer.
>
> If ssh is configured to work without password prompts, then scp will too.
>
>
> On Saturday 17 August 2002 05:29, John J. Boyer wrote:
> > Thanks to all the people the other day who told me how to get ssh working.
> > That's fine now. The next thing is  to do secure ftp. I looked at scp, but
> > it doesn't seem very interactive, or there are so many options that I
> > can't see how it is normally used. This is a common failing of man and
> > even info pages.
> >
>
>

Re: Secure FTP

[John J. Boyer]

John,
Thanks. That's the way documentation should be written.
John
On Sun, 18 Aug 
2002, John wrote:

> scp is actually quite simple for most purposes. This command
> scp gw:/etc/passwd /tmp
> will copy the passwd file from my computer to the /tmp directory on my 
> computer.
> 
> You can, of course, copy from your computer to a remote one:
> scp my-delights gw:/tmp
> 
> You can also use wildcards in the usually Linux manner:
> scp gw:/var/ftp/pub/* /tmp
> and the most likely switches are
>  -r for recursion
>  -q to turn off the progress meter
>  -p to preserve permissions, timestamps etc.
>  -C to turn on compression, you would want this if there's a modem or other 
> slow network between you and the remore computer.
> 
> If ssh is configured to work without password prompts, then scp will too.
> 
> 
> On Saturday 17 August 2002 05:29, John J. Boyer wrote:
> > Thanks to all the people the other day who told me how to get ssh working. 
> > That's fine now. The next thing is  to do secure ftp. I looked at scp, but 
> > it doesn't seem very interactive, or there are so many options that I 
> > can't see how it is normally used. This is a common failing of man and 
> > even info pages.
> > 
> 
> 

-- 
Computers to Help People, Inc.
http://www.chpi.org
825 East Johnson; Madison, WI 53703

Re: Secure FTP

[John]

On Sunday 18 August 2002 20:20, John J. Boyer wrote:
> John,
> Thanks. That's the way documentation should be written.
> John

thanks for the kind comment.

Really, we need two kinds of documentation:
Tutorials that tell you how to perform common tasks
and
Reference documents that give you all the gory details to help with the 
uncommon problems.

Tutorials are hopeless when you want to see the switches for the scp command, 
or to check on one of them in particular.

A problem with Open Source software is that there is no dictum from On High to 
rule that, "It must be done this way."



-- 


Cheers
John.

Please, no off-list mail. You will fall foul of my spam treatment.
Join the "Linux Support by Small Businesses" list at 
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb

Re: Secure FTP

[John J. Boyer]

John,

On Mon, 19 Aug 2002, John wrote:

> On Sunday 18 August 2002 20:20, John J. Boyer wrote:
> > John,
> > Thanks. That's the way documentation should be written.
> > John
> 
> thanks for the kind comment.
> 
> Really, we need two kinds of documentation:
> Tutorials that tell you how to perform common tasks
> and
> Reference documents that give you all the gory details to help with the 
> uncommon problems.
> 
> Tutorials are hopeless when you want to see the switches for the scp command, 
> or to check on one of them in particular.
> 
> A problem with Open Source software is that there is no dictum from On High to 
> rule that, "It must be done this way."
> 
> 
> 
> 

-- 
Computers to Help People, Inc.
http://www.chpi.org
825 East Johnson; Madison, WI 53703

Re: Secure FTP

[Darrell Shandrow]

Hi John,

But that's also the nice thing about open source software; everything is
wide open, and you always have the choice to use or not use something.  If
the docs are poor, but for some reason you like the software, why not help
with its documentation?  Of course, some of us do not have sufficient
time...


----- Original Message -----
From: "John" <valhalla@computerdatasafe.com.au>
To: <blinux-list@redhat.com>
Sent: Sunday, August 18, 2002 6:52 PM
Subject: Re: Secure FTP


> On Sunday 18 August 2002 20:20, John J. Boyer wrote:
> > John,
> > Thanks. That's the way documentation should be written.
> > John
>
> thanks for the kind comment.
>
> Really, we need two kinds of documentation:
> Tutorials that tell you how to perform common tasks
> and
> Reference documents that give you all the gory details to help with the
> uncommon problems.
>
> Tutorials are hopeless when you want to see the switches for the scp
command,
> or to check on one of them in particular.
>
> A problem with Open Source software is that there is no dictum from On
High to
> rule that, "It must be done this way."
>
>
>
> --
>
>
> Cheers
> John.
>
> Please, no off-list mail. You will fall foul of my spam treatment.
> Join the "Linux Support by Small Businesses" list at
> http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
>
>
>
>
> _______________________________________________
> Blinux-list mailing list
> Blinux-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/blinux-list

Re: Secure FTP

[John]

On Wednesday 21 August 2002 10:29, Darrell Shandrow wrote:
Are you suggestint I don't do enough? I've been helping out on many of these 
lists for over five years!

> but for some reason you like the software, why not help
> with its documentation?  Of course, some of us do not have sufficient
> time

Or understand the topic well enough.

-- 


Cheers
John.

Please, no off-list mail. You will fall foul of my spam treatment.
Join the "Linux Support by Small Businesses" list at 
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb

Re: Secure FTP

[Andor Demarteau]

On Fri, 16 Aug 2002, John J. Boyer wrote:

 > Hello,
 > Thanks to all the people the other day who told me how to get ssh working.
 > That's fine now. The next thing is  to do secure ftp. I looked at scp, but
 > it doesn't seem very interactive,
well yeah, but it's your only fast solution to do secure filestransfer.

 > or there are so many options that I
 > can't see how it is normally used. This is a common failing of man and
 > even info pages.
maybe so, but the hard one would be to use the tcp-tunneling feature of
ssh and then use a normal ftp-client.
Trouble is that ftp is such a discusting protocol in this sense that I
never got it to work in either active or passive-mode.

 > Thanks.
 > John
 >
 >
 >

-- 
slainte mhaith (good health), slainte (cheers)
Uisce Beatha (water of live/health)
-----------
Andor Demarteau                 E-mail: ademarte@students.cs.uu.nl
student computer science        www: http://www.students.cs.uu.nl/~ademarte/
Utrecht University              irc: see webpage for details
-----------
Believe in yourself, know what you want, and make it happen!

Re: Secure FTP

[Andor Demarteau]

On Fri, 16 Aug 2002, Janina Sajka wrote:
 > sftp, on the other hand, is a bit better, but still not at the level of
 > something like ncftp, which I swear by.
yeps.

 > So, I just use ncftp, because it works well, and I guess I takes my
 > chances on the security part.
that's a bit sick imho ;)
If you use ftp on one hand and refuse to use telnet and use ssh for ti on
the other hand, you seem to have missed the point of using ssh at all.
Sorry for being a bit blund on this topic

 > Of course, if I know the file I want (which happens often, very often), I
 > do use scp.
 >
 > PS: Take a look at the man page for ssh-agent. I just discovered this
 > little gem yesterday. Very helpful.
 >
 > On Fri, 16 Aug 2002, John J. Boyer wrote:
 >
 > > Hello,
 > > Thanks to all the people the other day who told me how to get ssh working.
 > > That's fine now. The next thing is  to do secure ftp. I looked at scp, but
 > > it doesn't seem very interactive, or there are so many options that I
 > > can't see how it is normally used. This is a common failing of man and
 > > even info pages.
 > > Thanks.
 > > John
 > >
 > >
 > >
 >
 >

-- 
slainte mhaith (good health), slainte (cheers)
Uisce Beatha (water of live/health)
-----------
Andor Demarteau                 E-mail: ademarte@students.cs.uu.nl
student computer science        www: http://www.students.cs.uu.nl/~ademarte/
Utrecht University              irc: see webpage for details
-----------
Believe in yourself, know what you want, and make it happen!

Re: Secure FTP

[James R. Van Zandt]

An "examples" section would make a good addition to the scp man page.
If this were sent to the package author in the form of a patch to the
current man page sources, I'll bet he would be willing to add it.

	    - Jim Van Zandt


This command
scp gw:/etc/passwd /tmp
will copy the passwd file from my computer to the /tmp directory on my 
computer.

You can, of course, copy from your computer to a remote one:
scp my-delights gw:/tmp

You can also use wildcards in the usually Linux manner:
scp gw:/var/ftp/pub/* /tmp

If ssh is configured to work without password prompts, then scp will too.