Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re:Re: Securely connecting to FTP

From: 王海 <wangh-1984 () 163 com>
Date: Fri, 23 Dec 2011 23:43:31 +0800 (CST)
不需要了
At 2011-10-27 01:43:47,"Lothar Kimmeringer" <bugtraq () kimmeringer de> wrote:

Am 25.10.2011 13:23, schrieb Benjamin Betsalel:


It seems often all the information the ISP provides to
connect is the address and user credentials, and then you would enter
this into an FTP client to connect to your space. I am not all that
familiar with FTP, but looking at the options you seem to be able to try
to use SFTP on port 990(different protocol entirely-probably not
supported by ISP I would guess.


SFTP is a subtype of SSH and is done via port 22. Port 990 is the
default port for implicit FTPS (FTP over SSL). If your provider
does support that you can use that. Alternatively check out the
features of the FTP-server by doing the following:

-> telnet ftp.example.com 21
<- 220 FTP Server ready
-> FEAT
<- 221-Extensions supported:
<- [...]
<-  AUTH TLS
<- 221 End.
-> QUIT

If you see AUTH TLS as supported feature you can tell your FTP-client
to use FTPS (explicit), so before authentication takes place, the
client initiates a switchover to TLS using the plain connection.

If the server doesn't come up with that feature, ask your provider
how to access the webspace/etc. in a secure way not presenting your
credentials to the world and their dogs. If they tell you there
isn't one, decide for yourself if the saved money for this specific
ISP/server is worth the risk.


Regards, Lothar
-- 
Lothar Kimmeringer                E-Mail: spamfang () kimmeringer de
               PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
                 questions!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: