I have written a number of ftp scripts to put/get files between unix and other systems. My scripts only ftp to servers inside of our firewall. However, I have heard of risks involved with using the typical ftp automation techniques if one goes into unsecure areas with thier ftp processes.
Typical to me:
ftp -i -v -n [hostname] <<EOF
user USERNAME PASSWORD
The main risk I have heard of is that the username and password are passed in plain text. Are there any ways to get around this on the shell scripting level? Or, do other options need to be considered?
Another way to get a secure FTP is to use SSH and use programs like PSFTP (on Win32 clients) or sftp (on Unix clients) to transfer files via SecureShell without having the security problems related to clear text passwords sent via ftp.
I have used psftp from work to send files to my boxes at the house and it works very well, but is slower than traditional ftp.
You can also use scp (secure copy) on a file by file basis to transfer files from one system to another.
Have you tried both ways? Attempting to transfer files by logging into HP and sftp to SUN and logging into SUN and sftp to HP? On one side you would do a put, on the other side you would do a get. Or do you have secure copy (scp part of ssh). Or can you share a drive between the systems (NFS). Or is the home directory a shared drive (will mount on both systems - put the file in /home and it will be there)
FYI - If the system administrator will not allow .netrc (I don't blame him/her) then make the system administrator find a fix. If you have a valid need to transfer files, then you bring that need to the Sys Admin and they need to come up with a way to meet the business need and keep systems secure.
I would like to ask for you suggestions or comments see if you can help.
Since system auditing is under progress and the AIX is the main
investigated unit. They are asking to disable the FTP service to enhance
the security but I doubt. For daily use, the FTP will help administrator
to download... (1 Reply)
Are there any white papers on setting up ftp, where a user logs in from any system to put a file on another UNIX machine.
eg. the external user puts a file in "ddd". We only want them to have access to this directory for write purposes and access no where else.
Can we put an acl... (2 Replies)