Security Basics mailing list archives
Re: Securely connecting to FTP
From: Lothar Kimmeringer <bugtraq () kimmeringer de>
Date: Wed, 26 Oct 2011 19:43:47 +0200
Am 25.10.2011 13:23, schrieb Benjamin Betsalel:
It seems often all the information the ISP provides to connect is the address and user credentials, and then you would enter this into an FTP client to connect to your space. I am not all that familiar with FTP, but looking at the options you seem to be able to try to use SFTP on port 990(different protocol entirely-probably not supported by ISP I would guess.
SFTP is a subtype of SSH and is done via port 22. Port 990 is the default port for implicit FTPS (FTP over SSL). If your provider does support that you can use that. Alternatively check out the features of the FTP-server by doing the following: -> telnet ftp.example.com 21 <- 220 FTP Server ready -> FEAT <- 221-Extensions supported: <- [...] <- AUTH TLS <- 221 End. -> QUIT If you see AUTH TLS as supported feature you can tell your FTP-client to use FTPS (explicit), so before authentication takes place, the client initiates a switchover to TLS using the plain connection. If the server doesn't come up with that feature, ask your provider how to access the webspace/etc. in a secure way not presenting your credentials to the world and their dogs. If they tell you there isn't one, decide for yourself if the saved money for this specific ISP/server is worth the risk. Regards, Lothar -- Lothar Kimmeringer E-Mail: spamfang () kimmeringer de PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81) Always remember: The answer is forty-two, there can only be wrong questions! ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Securely connecting to FTP Benjamin Betsalel (Oct 25)
- Re: Securely connecting to FTP Matthew Caron (Oct 25)
- Re: Securely connecting to FTP BH (Oct 25)
- Re: Securely connecting to FTP Ansgar Wiechers (Oct 26)
- RE: Securely connecting to FTP Benjamin Betsalel (Oct 26)
- Re: Securely connecting to FTP Lothar Kimmeringer (Oct 27)