What are some secure alternatives to FTP?

Question

This Hacker News story is all about the downsides of FTP. The only reason I might set up FTP is that it's easy.

I know about and use scp already, but sometimes I want to share files with someone without giving them ssh access to my server. I want them to be able to upload and download files, but nothing else, and I want to restrict them to a single directory. I also want their connection to be encrypted like ssh.

What are some alternatives to FTP that meet these criteria?

You can use **scp** without **ssh** see: http://serverfault.com/questions/354615/allow-sftp-but-disallow-ssh — Stone, Jan 30 '12 at 14:29
I'm not going to bother reading that article but it's worth remembering that FTP was designed for use in a closed network (upstairs lab to/from the servers in the basement), so security was never even a consideration. It's astonishing that it's still in use on public networks. — John Gardeniers, Jan 31 '12 at 03:25
Some might argue ftp was not designed at all, but evolved through Good Ideas imagined by Various People creating software for file transfer long before closedness became an observable property for networks, when access control happened with locked doors and angry stares. — Eroen, Jan 31 '12 at 21:23

Travis Campbell · Answer 1 · 2012-01-31T16:29:44.883

Proftpd has a built-in sftp server that would allow you to completely segregate users from sshd for the purposes of file transfers. You can set it up so that it uses a completely separate passwd file to even further isolate them (it's hard to login to a system with ssh and break through a chroot if you don't actually have a user in /etc/passwd ...)

proftpd also allows you to chroot and isolate the sftp user to a set of directories pretty easily.

We do something like this:

LoadModule mod_sftp.c

<VirtualHost 10.1.1.217>

    ServerName  "ftp.example.com"

    # from http://www.proftpd.org/docs/howto/NAT.html
    MasqueradeAddress   1.2.3.4
    PassivePorts 27001 27050

    UseSendfile off

    ExtendedLog         /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog         /var/log/proftpd/auth.log AUTH auth

    AuthUserFile /etc/proftpd/AuthUsersFile
    AuthOrder           mod_auth_file.c 

    <IfModule mod_sftp.c>
        Port 10022
    SFTPAuthorizedUserKeys file:/etc/proftpd/ssh_authorized_keys/%u
        SFTPEngine On
        SFTPLog /var/log/proftpd/sftp.log
        SFTPHostKey /etc/ssh/proftpd-ssh_host_rsa_key
        SFTPHostKey /etc/ssh/proftpd-ssh_host_dsa_key
        MaxLoginAttempts 6
    </IfModule>
</VirtualHost>

To aid the newbie, if the OP needs help setting this up, I have a completely basic tutorial here: http://www.csrdu.org/nauman/2011/02/13/proftpd-with-sftp-mysql-and-monthly-usage-reports/ — recluze, Feb 03 '12 at 03:19

joecks · Answer 2 · 2012-01-31T10:25:57.810

3

I would use WebDav with a https enabled server! The authentication is then base on the standard http authorization scheme. A guide to set up webdav with apache can be found here then it is only neccessary to put that resource behind https, and here I found a nice description how to do that.

edited Jan 31 '12 at 10:25

answered Jan 30 '12 at 14:45

joecks

143
1
9

Given the language in use here you could at least have linked to an English version of the article. – John Gardeniers Jan 31 '12 at 03:26
haha sorry did not realize that mistake. Thanks for correcting! – joecks Jan 31 '12 at 10:13

score 1 · Answer 3 · answered Jan 30 '12 at 14:30

You didn't specify "free" as a requirement, so I'm going to throw out the Mass Transit package by grouplogic. It's probably a bit overkill for most people, and out of their price range, but the feature suite is nothing short of freaking fantastic. Get a second Mass Transit server and light up automation and you're moving some files really fast.

score 0 · Answer 4 · answered Jan 30 '12 at 15:08

You can setup sftp that uses ssh in a mode similar to ftp.

You can create some users (one or more, it depends on if it's ok or not for each user to access each other's files) in your machine, give them shell /bin/false and chroot each user to some directory where those files are to be placed.

score 0 · Answer 5 · answered Jan 31 '12 at 17:16

You can use pure-ftpd with enabled TLS encryption. The configuration is very simple, to enable encryption uncomment TLS option in config file(one line only :) ), configure your clients to connect via ftps and thats it. (You must remember that not all ftp clients support ftps ).

Eroen · Answer 6 · 2012-01-31T16:55:36.437

-1

You could enable up- and downloads with rsync over ssh without allowing logins by setting rsync as the login shell for the user. This enables all the goodies of ssh, including certificate logins, encryption and standard filesystem permissions operation while not enabling shell accounts (as the account won't have a shell but rsync =)).

edited Jan 31 '12 at 16:55

answered Jan 30 '12 at 14:29

Eroen

109
3

And how would that be more secure? Still cleartext... – EEAA Jan 31 '12 at 04:16
That depends on how you set it up. The common way (only way I've ever seen it done) is using ssh and setting rsync as the login shell, or (for root access) command-specific ssh certs. – Eroen Jan 31 '12 at 09:21
1

Rsync, when running a service (as you recommend in your answer) has no encryption. That is of course not the case with rsync+ssh. You could edit your answer to make your meaning more clear. – EEAA Jan 31 '12 at 15:00
Changes have happened (in case somebody finds the comments above fitting badly). – Eroen Jan 31 '12 at 16:57
Although it wasn't asked for it's also worth mentioning that although there are any number of easy to use interfaces for FTP and FTP-like protocols I personally don't know of one for rsync. If the intended users are non-technical that may be an issue. – John Gardeniers Jan 31 '12 at 21:03

What are some secure alternatives to FTP?

6 Answers6