ftp security


 
# 1  
Old 03-06-2002
ftp security

I have written a number of ftp scripts to put/get files between unix and other systems. My scripts only ftp to servers inside of our firewall. However, I have heard of risks involved with using the typical ftp automation techniques if one goes into unsecure areas with their ftp processes.

Typical to me:

ftp -i -v -n [hostname] <<EOF
user USERNAME PASSWORD
hash
cd [to_dir]
lcd [from_dir]
put FILENAME
close
bye
EOF

The main risk I have heard of is that the username and password are passed in plain text. Are there any ways to get around this on the shell scripting level? Or, do other options need to be considered?

Let me know if more details are needed...
thekid
# 2  
Old 03-07-2002
Another way to get a secure FTP is to use SSH and use programs like PSFTP (on Win32 clients) or sftp (on Unix clients) to transfer files via SecureShell without having the security problems related to clear text passwords sent via ftp.

I have used psftp from work to send files to my boxes at the house and it works very well, but is slower than traditional ftp.

You can also use scp (secure copy) on a file by file basis to transfer files from one system to another.
# 3  
Old 03-15-2002
Thanks for the input. I also came across some info on using a .netrc file, so I will check into that also.
thekid
# 4  
Old 03-15-2002
Using .netrc or anonymous ftp is not secure. The password of an account is either vulnerable in the .netrc file, in the transmission, or in the script file.

You would be better off using one of the programs auswipe wrote about, if you are worried about security.
thehoghunter
# 5  
Old 03-19-2002
I have a similar problem.

I have to transfer 6 files from one unix box 'a' to another 'b'. I tried 'rcp' but the file system on b does not allow the files to be rcp'ed from a.

My system admin has refused to use .netrc (due to security issues).

Could not transfer files using sftp.

Any other techniques available to transfer files from one box to another?

I am trying to transfer files from HP to Sun Solaris.

SunOS 5.6 Generic_105181-23 sun4u sparc SUNW,Ultra-Enterprise

HP-UX B.10.20 B 9000/891 350319241
# 6  
Old 03-19-2002
Have you tried both ways? Attempting to transfer files by logging into HP and sftp to SUN and logging into SUN and sftp to HP? On one side you would do a put, on the other side you would do a get. Or do you have secure copy (scp, part of ssh)? Or can you share a drive between the systems (NFS)? Or is the home directory a shared drive (will mount on both systems - put the file in /home and it will be there)?

FYI - If the system administrator will not allow .netrc (I don't blame him/her) then make the system administrator find a fix. If you have a valid need to transfer files, then you bring that need to the Sys Admin and they need to come up with a way to meet the business need and keep systems secure.
thehoghunter
# 7  
Old 03-19-2002
A big security gap

I personally think that all mounts are big security gaps on systems.

I think you should try scp from any ssh dist.

Maybe your rcp doesn't work because the .rhosts doesn't exist. This is also a security gap. I would really recommend using SSH.

Jason
penguin-friend
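
The sftp route recommended in this thread, as an added example that is not code from any of the posters: the ftp here-document from the first post rewritten as an sftp batch job with key authentication, so no password sits in the script or crosses the wire in clear text. The function names `write_batch` and `sftp_put`, and the user@host, key path and directory arguments, are assumptions for illustration.

```shell
#!/bin/sh
# Added example: key-authenticated sftp equivalent of the ftp here-document.
# All hosts, paths and function names here are illustrative assumptions.

# Write the sftp batch file. Same steps as the ftp script (cd, lcd, put, bye)
# but with no "user NAME PASSWORD" line, so the file holds no credential.
write_batch() {
    # $1 = batch file, $2 = remote dir, $3 = local dir, $4 = file name
    printf 'cd "%s"\nlcd "%s"\nput "%s"\nbye\n' "$2" "$3" "$4" > "$1"
}

# Run the transfer unattended.
#   -b                        read commands from the batch file; sftp stops
#                             and exits non-zero if cd/lcd/put fails
#   BatchMode=yes             fail instead of prompting for a password
#   StrictHostKeyChecking=yes refuse servers whose host key is not already
#                             in known_hosts (add it once, by hand, first)
sftp_put() {
    # $1 = user@host, $2 = private key file, $3 = remote dir,
    # $4 = local dir, $5 = file name
    batch=$(mktemp) || return 1
    write_batch "$batch" "$3" "$4" "$5"
    sftp -b "$batch" \
         -o BatchMode=yes \
         -o StrictHostKeyChecking=yes \
         -o IdentityFile="$2" \
         "$1"
    rc=$?
    rm -f "$batch"
    return "$rc"
}

# Stand-alone use: script user@host keyfile remote_dir local_dir file
if [ "$#" -eq 5 ]; then
    sftp_put "$@"
fi
```

The private key file should be readable only by the account that runs the job, and the matching public key can be restricted in the server's `authorized_keys` to limit what it is allowed to do.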