July 26th, 2004, 07:37 PM
Secure FTP servers in *NIX
I'm setting up a server right now for my LAN, and I've got Apache going now, but I'm wondering about the FTP server.
Compaq Presario 6000
AMD Athlon XP 2600+ Processor operating at 2.13 GHz
512 MBs RAM
120 GB HD
Floppy, ZIP, DVD, and CD-RW drives
Running Slackware Linux 10
Second box that may be used:
HP Pavilion (the first computer I ever bought, still serving me well)
Pentium 3 733 MHz Not overclocked
384 MBs RAM
43 GB HD (Yes, it's weird, but any OS I put on here reports 43 GB)
Floppy, ZIP, DVD, and CD-RW drives
Running Slackware Linux 9.1 with all patches installed.
Now, I can easily do a google search and find out about secure FTP servers that are quickly set up, but I don't want to listen to some guy ramble on because he was paid, which is why I'm asking here, as I'm quite sure I'm not the only one who has set up multiple FTP servers before.
PureFTPD, ProFTP, and VSFTP are all what I have used before, and I really liked PureFTPd, and VSFTP, but what do you guys think about this?
Slackware has ProFTPd already, but I'm not looking for something already installed if it's not the best.
I won't listen to someone saying WU-FTP, that's just wrong.
Unless of course you can back up that, heh.
Anyway, what FTP servers have you guys set up and liked?
I'm thinking I will go with PureFTPD, but still, I'd like some feedback.
The server will be used to pretty much back up my LAN, and maybe be used to store things for internet users to download. The load might get high, because I have...Ummm, my paid for movies I've downloaded to back up, and on some days the server may be transferring up to 3 GBs a day, and sometimes more. Which is why I like PureFTPd, because I've used that on a SUSE server and gotten 15 GBs across my network in 3 hours without a problem.
Also, NO ANONYMOUS. All users will have to have an account on the box. I don't want to set up anonymous at all. It's just for me and maybe friends like I said, and I want people to have to log in.
July 26th, 2004, 07:40 PM
I like VSFTP as it's a lot better as far as security and setup than the typical Wu-FTP drop-in that RH has. No plaintext transmissions, operates on the same port 21, and you can lock everything down using no anonymous, chrooted directories, etc...
You can find a good "how-to" here.
You can find out more info in general here and here. The second link provides a lot more info on sites using it, how it's proven, etc...very good stuff!
I mean, 2500 concurrent downloads on individual servers? Wow...
Hope this helps!
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
July 26th, 2004, 07:50 PM
Cool man, I agree, I liked it too when I was using it. It worked very well, and gave me no problems at all. Thanks for the information.
July 26th, 2004, 07:54 PM
I'll second VSFTP
It's not perfect but it is more secure than WU or Pro as far as published vulns.
I also like how VSFTP allows you to easily lock users into their home directory via
July 26th, 2004, 09:53 PM
I'll put in another vote for VSFTPd... that's what I've got running on my SuSE box at home... and it's definitely more feature filled than Pure/Pro FTPd when it comes to the security aspects. I actually just convinced a buddy to switch his server over to VSFTPd and he was quite impressed with the added security.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
July 26th, 2004, 10:09 PM
July 27th, 2004, 01:24 AM
Why not use sftp if not for anonymous ftp? Besides sftp is much nicer ports wise (only needs port 22 both ways...) and thus much simpler to configure on the firewall...
Credit travels up, blame travels down -- The Boss
July 27th, 2004, 02:47 AM
I'm tinkering with vsftpd and I like it a lot... although I don't want anonymous users and that's all I have right now... but I'm going through the tuts listed above and figuring out what to do
work it harder, make it better, do it faster, makes us stronger
July 27th, 2004, 04:44 AM
Well, first thing, since it is Linux, is the firewall, and it must allow and be set up for passive connections after the initial handshake on both sides. Will side with the VSFtpd on this one. I simply set things up so there was one group that had the access they need. Then created download and upload directories in that group's folder. The access, one download and one upload, were rooted to respective directories. Download can read and download; upload can only place the files, not read them, although I am thinking quotas are maybe better suited for this. So in the end, no matter what server side program you use, it will depend upon ease of use for all users and the setup of permissions. I cannot recall off the top of my head what mine read at work on the ftp server. But I'll follow up with more info later when I review what I did and edit it, because I do not like to really mention much about how I set things up here...go figure
I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg
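An added example, not part of any post in this thread: a small audit of a vsftpd.conf against the lock-down the posts above describe (no anonymous logins, local accounts only, users chrooted, and a bounded passive port range the firewall can be opened for). The function names, the `max_pasv_ports` threshold and both sample files are assumptions made for illustration; the option names and their defaults are vsftpd's own.

```python
# Added example: checks a vsftpd.conf for the settings discussed in the thread.
# Values vsftpd uses when an option is absent from the file.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO",
            "chroot_local_user": "NO", "pasv_enable": "YES",
            "pasv_min_port": "0", "pasv_max_port": "0"}

def parse_conf(text):
    """Parse option=value lines; lines starting with '#' are comments."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def is_on(conf, key):
    return conf[key].upper() in ("YES", "TRUE", "1")

def audit(text, max_pasv_ports=100):  # threshold is an assumption
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    if is_on(conf, "anonymous_enable"):
        findings.append("anonymous_enable: anonymous logins are allowed")
    if not is_on(conf, "local_enable"):
        findings.append("local_enable: local accounts cannot log in")
    if not is_on(conf, "chroot_local_user"):
        findings.append("chroot_local_user: users can leave their home directory")
    if is_on(conf, "pasv_enable"):
        lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
        if lo == 0 or hi == 0:
            findings.append("pasv ports: range unbounded, firewall rule cannot be scoped")
        elif hi < lo or hi - lo + 1 > max_pasv_ports:
            findings.append("pasv ports: range inverted or too wide")
    return findings

# Constructed sample files, not taken from the thread.
STOCK = "listen=YES\nlocal_enable=YES\nwrite_enable=YES\n"
HARDENED = """anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
pasv_min_port=50000
pasv_max_port=50049
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

The passive range reported as clean is the one to mirror in the firewall rule set, alongside port 21.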
July 27th, 2004, 05:44 AM
Thanks to everyone, I appreciate it.
I've decided to make a mixed environment. I'm going to use VSFTPd on one box, and Pure/Pro on another. The main box will get VSFTPd as just about everyone recommended it, and the other is for learning, so thanks again!