[ale] SMB options
Joe Sechman
jsechman at bellsouth.net
Sun Jan 11 11:42:11 EST 2004
SSH is the way to go...I use a chroot'd jail environment for upload and
only permit RSA PKI authentication for secure copy (SCP) upload. Since
most of our users are mere mortals, I advise WinSCP as the winX client
software (not sure if there's a GNU equivalent), but the savvys usually
use the SCP command line tools. Admittedly, it's a bit of
administrative overhead, but at least I get some shuteye :0) This is
also good because the savvys have a dummy login shell with only the
commands necessary for file transfer (cp, rm, mkdir, mv, etc.....but NO
su). Here are some references:
Jailchroot project
http://www.jmcresearch.com/projects/jail/
WinSCP
http://winscp.sourceforge.net/eng/
and my favorite book of all time (SSH Definitive Guide):
http://www.bookpool.com/.x/odr44xorc0/sm/0596000111
-Cheers,
Joe Sechman
> David Hamm wrote:
>
>> Hello,
>>
>> I have an FTP server sittting on the Internet. One group of users
>> uploads files via FTP the other group downloads those files via SMB.
>> Securing SMB communications in most cases is handeled by listing the
>> SMB users's IP address in an IPTables rule with a -j ACCEPT. But
>> recently I gained an SMB user an ALLTel's network and ALLTel blocks
>> port 135. The only options I can come up with is eithher FreeSwan or
>> PopTop and from recent experiences I'm not excited about using
>> either. I wonder if I could run SMB on another port? Under Linux I
>> don't see a problem but the Windows workstations mounting the share
>> can't be modified since they also participate in an SMB based LAN.
>> Any suggestions are welcomed.
>
>
> Personally, I think you're absolutely insane to be permitting Windows
> file sharing over the internet. You're just asking for trouble.
>
> You should find a different solution. What about ssh?
>
More information about the Ale
mailing list