Thread: Secure FTP with Windows

  1. #1
    Junior Member
    Join Date
    Jun 2003
    Posts
    6

    Secure FTP with Windows

    Hello, I've been using my Comcast account as an FTP server. Normally, I access it through Network Neighborhood by visiting ftp://______@upload.comcast.net. Recently though, I just noticed the warning dialog box that says "FTP does not encrypt or encode passwords before sending them to the server".

    The stuff I have on my FTP server isn't anything important, but I found the no-encryption unsettling. The "click me" help thingy told me about using "secure web folders" but upon checking the Microsoft documentation, it told me it only works with https://, and that FTP has no protection.

    Anyway, so is there a way I can access my FTP server securely?


    P.S. I checked antionline's search function before I posted and didn't find anything. If I missed something, I apologize.

  2. #2
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Microsoft changed that in a patch a while ago because this feature could be used to spoof the real address.

    The patch was MS04-004 that you can read here (Check the Technical Details)

    http://www.microsoft.com/technet/sec.../MS04-004.mspx
    -Simon "SDK"

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    FTP, by its nature, is an insecure protocol.... Thus everything is sent in clear.

    Do you control the server itself? I get the feeling you don't because the domain appears to be a subdomain of comcast.net
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Most FTP is still clear text.

    Although there are several good secure open source file transfer options available, I choose to use encrypted FTP via commercial server and client software from IPSwitch.
    WSFTP Pro Server and Client.

    I'm sure others can comment on the OS variety. I don't use it so I won't.

  5. #5
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    Well, I feel that your question has been answered in the previous post, but here are some free FTP programs to get started on and hopefully get some better encryption on your end.

    http://www.snapfiles.com/freeware/network/fwftp.html

    - MilitantEidolon
    Yeah that's right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  6. #6
    You can set up a secure FTP server (http://www.ipswitch.com/index.asp, and others) for a price. Using a secure HTTPS site may be the better solution, assuming you can get a certificate from a CA. The problem with most "secure" FTP clients is that the initial connection (which includes your login) isn't necessarily encrypted or protected. There must be a handshake between the server and the client to establish the protocol prior to the login to protect the login exchange. So, just having a "secure" client doesn't solve the problem.
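The point in the post above, that the protocol handshake has to come before the login, can be checked from a client's control-channel log. The following is an added example, not part of the original post: the logs, account name and password are constructed, and it assumes explicit FTPS, where the client sends `AUTH TLS` and the server accepts with a `234` reply before any credentials are sent.

```python
# Constructed client-side logs of the FTP control channel ("C" = client, "S" = server).
# The account name and password are placeholders.
PLAIN = [
    ("S", "220 FTP server ready"),
    ("C", "USER alice"),
    ("S", "331 Password required"),
    ("C", "PASS example-password"),
    ("S", "230 Logged in"),
]
# Client upgrades to TLS first, then logs in.
EXPLICIT_TLS = [PLAIN[0], ("C", "AUTH TLS"), ("S", "234 Proceed with negotiation")] + PLAIN[1:]
# Server refuses the upgrade and the client logs in anyway.
REFUSED = [PLAIN[0], ("C", "AUTH TLS"), ("S", "502 Command not implemented")] + PLAIN[1:]


def cleartext_credentials(log):
    """Return the USER/PASS commands sent before the server accepted AUTH TLS."""
    protected = False      # True once a 234 reply has answered an AUTH command
    auth_pending = False   # an AUTH command is waiting for its reply
    exposed = []
    for sender, line in log:
        word = line.split(" ", 1)[0].upper()
        if sender == "C":
            if word == "AUTH":
                auth_pending = True
            elif word in ("USER", "PASS") and not protected:
                exposed.append(word)
        elif auth_pending:
            protected = protected or word == "234"
            auth_pending = False
    return exposed


if __name__ == "__main__":
    for name, log in (("plain", PLAIN), ("explicit TLS", EXPLICIT_TLS), ("refused", REFUSED)):
        print(name, cleartext_credentials(log) or "credentials protected")
```

The third log is the case to watch for: a client that asks for TLS, is refused, and continues with the login exposes the same credentials as a plain FTP client.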

  7. #7
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Maybe I misunderstood your question, but an answer follows:

    Although TigerShark and ss2chef are completely right, you can (virtually)
    connect securely to that ftp server. However, it depends on services
    comcast offers. IF they have a running SSH daemon and IF they allow for
    port tunneling, you might be able to establish a secure ftp control channel
    connection (21).

    1. Locally, you have to install ssh [1].
    2. Locally, make sure the commands "ssh" and "ftp" are known in the shell (cmd.exe)
    3. Then: ssh -f -L 1234:upload.comcast.net:21 upload.comcast.net 'exec sleep 10' && \
    ftp localhost 1234

    That stuff is known as SSH port forwarding. It first creates a connection between your
    computer (localhost) and the SSH-server (upload.comcast.net), if available! Then, you
    use (being on the comcast-machine) that secure connection on port 1234 to connect to the FTP-server on upload.comcast.net.
    The SSH daemon on upload.comcast.net forwards incoming traffic on 1234 to Port 21,
    the ftp server.

    Note: I hope I did not mess up with the ssh-flags. -f forks the process. I hope the
    same option is available on windows OS.


    [1] eg. http://www.openssh.com

    /edit:
    - you might write (immediately after login into the ftp-server): > passive
    - [1+] That's what you need: http://prdownloads.sourceforge.net/s..._mirror=heanet
    - This solution is a bit "weird": If comcast indeed offers a ssh-connection, they also
    might offer an sftp/scp-connection ....
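The forward in the post above covers the control connection (port 21) only; in passive mode the server names a second address and port for the data connection in its `227` reply. The following added example, not part of the original post, parses a constructed reply and checks whether that data endpoint is one of the tunnel's local listeners. The address 192.0.2.10 is a documentation placeholder and the function names are hypothetical.

```python
import re

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

# Local listeners created by "ssh -L 1234:upload.comcast.net:21 ..." (from the post).
TUNNEL_LISTENERS = {("127.0.0.1", 1234)}


def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    match = PASV_RE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a PASV reply: %r" % reply)
    fields = [int(n) for n in match.groups()]
    if any(n > 255 for n in fields):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in fields[:4])
    port = fields[4] * 256 + fields[5]   # port is sent as high byte, low byte
    return host, port


def data_channel_tunnelled(reply, listeners=TUNNEL_LISTENERS):
    """True only if the data endpoint is one of the tunnel's local listeners."""
    return parse_pasv(reply) in listeners


if __name__ == "__main__":
    # Constructed reply: server address 192.0.2.10, port 195*256+80 = 50000.
    reply = "227 Entering Passive Mode (192,0,2,10,195,80)"
    print(parse_pasv(reply), "tunnelled:", data_channel_tunnelled(reply))
```

With the single forward from the post the check returns False, so the login travels inside SSH while directory listings and file contents use a separate connection outside it.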

  8. #8
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    Since the SSH suite allows tunneling of SFTP/SCP over SSH, I don't think it would be necessary to enable all the port forwarding games suggested by sec_ware. One critical thing that you didn't mention, at least not explicitly, was the OS involved (I am going to assume Windows by the mentioning of Microsoft docs).

    There is an SSH server that is free that uses Cygwin to run OpenSSH. I have never used it personally but a co-worker says he uses it to tunnel Microsoft RDP over it. It can be found here:
    http://sourceforge.net/projects/sshwindows/

    As far as good clients go, my personal favorite is WinSCP; it has a very nice graphical front end and is something that I was able to show to my bosses to convince them to do away with FTP and replace it with SSH (because the client was pretty easy to use). It can be found here:
    http://sourceforge.net/projects/winscp/

    Good luck, the sooner you do away with FTP (which aside from it being clear text can cause other headaches with firewalls), the better.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  9. #9
    Junior Member
    Join Date
    Sep 2002
    Posts
    13
    ssh comes with a secure ftp service anyway so the easiest way is to use this ssh ftp service instead of port tunneling

  10. #10
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Originally posted here by spike054
    ssh comes with a secure ftp service anyway so the easiest way is to use this ssh ftp service instead of port tunneling
    Jep, absolutely, that's why I mentioned it in the /edit-section. Still, embarrassing that
    I thought about it after writing the post

    However, it's always good to go through these things from time to time. At least for
    some of us.
