[ubuntu] secure transfer of files, how do I do it?
May 21st, 2008, 03:23 AM
Ok, so here's my question and problem:
I'm a noob at Linux, and most of my experience is based on using X server in Gutsy. I would like to make a server, for the simple purpose of transferring files securely through the Internet from point A to B. I've been doing a lot of research on whether I should use SFTP, FTPS, or simply SSH. The idea is to transfer the files (less than 700 mb) from a Windows XP system to my Linux server in an encrypted method, which I hope can be automated on the Windows system. So my questions are:
1) What encryption would be best for this task?
2) Can you point me to either a software package that I can install and configure with X server or a guide that walks me through it step by step?
May 21st, 2008, 03:28 AM
In my opinion, SFTP via the OpenSSH package cannot be beat. You just install your ssh server, configure it to your liking and SFTP just works. There are no extra ports to open and really no extra config besides your typical sshd configuration.
For your WinXP box I highly recommend you download "WinSCP" as your client software; it is quick and simple and offers a few bells and whistles for free.
May 21st, 2008, 03:53 AM
Ok, I'm still stuck.
I installed OpenSSH server (from https://help.ubuntu.com/7.10/server/C/openssh-server.html) on my laptop (just to get a feel for what I'm doing, it's using Gutsy), but how do I make the keys and configure the sftp?
May 21st, 2008, 04:08 AM
After installing the OpenSSH-server package are you able to ssh into your box? If so, SFTP should already work. As long as SSH works SFTP should as well.
Unless I am mistaken, the keys you require are generated during install.
Here is my "/etc/ssh/sshd_config". I use two ports, one for external connections into my box (22000) and one for internal (though they both work when internal). I have bolded a line below; it is important (in my opinion) to add this to yours as well, you don't want to open yourself up to external root access if you can help it:
# What ports, IPs and protocols we listen for
# HostKeys for protocol version 2
#Privilege Separation is turned on for security
# Lifetime and size of ephemeral version 1 server key
# Don't read the user's ~/.rhosts and ~/.shosts files
# For this to work you will also need host keys in /etc/ssh_known_hosts
# similar for protocol version 2
# To enable empty passwords, change to yes (NOT RECOMMENDED)
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
# Change to no to disable tunnelled clear text passwords
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
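An added example, not part of the original post: a small audit of the global section of an sshd_config for the points the post raises (listening ports, root login, the sftp subsystem). It assumes the bolded line the poster mentions is `PermitRootLogin no`; the sample file is constructed and the `Match User backup` block is hypothetical.

```python
# Constructed sample. Port 22000 and the Subsystem line appear in the post;
# every other directive here is an assumption made for illustration.
SAMPLE = """\
Port 22
Port 22000
PermitRootLogin yes
PermitEmptyPasswords no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Match User backup
    PermitRootLogin no
"""


def parse_global(text):
    """Return {keyword: [values]} for the global section (before any Match)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        if keyword == "match":
            break  # settings below apply only to matching connections
        conf.setdefault(keyword, []).append(parts[1] if len(parts) > 1 else "")
    return conf


def audit(text):
    """Return (listening ports, list of findings) for an sshd_config text."""
    conf = parse_global(text)
    first = lambda key: conf.get(key, [None])[0]  # sshd keeps the first value
    findings = []
    root = first("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set: depends on the sshd default")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin is '{root}', expected 'no'")
    if (first("permitemptypasswords") or "no").lower() == "yes":
        findings.append("PermitEmptyPasswords is 'yes'")
    if not any(v.split()[:1] == ["sftp"] for v in conf.get("subsystem", [])):
        findings.append("no 'Subsystem sftp' line: SFTP is not enabled")
    return conf.get("port", ["22"]), findings


if __name__ == "__main__":
    ports, findings = audit(SAMPLE)
    print("ports:", ports)
    print("\n".join(findings) or "no findings")
```

The `PermitRootLogin no` inside the Match block does not change the global setting, which is why the audit stops reading at the first `Match` line.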
May 21st, 2008, 06:19 AM
There is one thing that I don't like about sftp and that is that it's a mission (my opinion) to jail a user to his home directory.
Therefore I (still) use vsftpd with TLS/SSL (see http://www.brennan.id.au/14-FTP_Server.html#secure for a setup)
May 21st, 2008, 08:29 AM
This is very simple:
(a) On the server
(1) install openssh-server
sudo apt-get install openssh-server
(2) install denyhosts (recommended)
sudo apt-get install denyhosts
For more info, have a read here: http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
(3) give your server a static IP in your LAN
On the router
(1) Forward port 22 to your server (it should have a static IP now) --> this is needed if you want to load stuff onto your server from outside your LAN
(2) If possible, set up a dyndns on your router - some alternate firmware like dd-wrt/tomato-wrt allow that... if that's not possible, you can set up some dyndns on the server --> this is needed if you do not have a static IP in your internet account
(1) Get WinSCP
http://www.winscp.com --> Free and Open Source
(2) Enter your server's IP and your username/password and access it
Get a program that allows SCP/SFTP (I know Konqueror does [use fish://user@server in Konqueror address bar])
May 21st, 2008, 09:12 AM
I agree with hyper_ch. scp and winscp work great. You can use pscp to script on the Windows side and fully automate your process.
BTW guys, it is usually not necessary to install ssh on your box unless you specifically told it not to install with the OS.
May 21st, 2008, 11:31 AM
ssh-server does not get installed by default :) so that needs to be installed.