How to get sftp more secure? - Security



  1. How to get sftp more secure?

    Hello everyone,

    SSH is good to use, but it lead out one safety question, if you keep port
    '22' open, someone may use sftp to transfer data, it's not permited in our
    LAN, how to resove the question? Either if have a way to recode the data
    transfer, just like vsftpd doing, I may check the recode and get to know
    what's happening, it'll be acceptable also. Thanks for your help!

    Have a good day!

    Regards,

    Joffre



  2. Re: How to get sftp more secure?

    tech11 wrote:
    > Hello everyone,
    >
    > SSH is good to use, but it lead out one safety question, if you keep port
    > '22' open, someone may use sftp to transfer data, it's not permited in our
    > LAN, how to resove the question? Either if have a way to recode the data
    > transfer, just like vsftpd doing, I may check the recode and get to know
    > what's happening, it'll be acceptable also. Thanks for your help!
    >
    > Have a good day!
    >
    > Regards,
    >
    > Joffre
    >
    >

    let me be the first to say
    this post makes no sense please elaborate on your problems and use
    a spellchecker

  3. Re: How to get sftp more secure?

    tech11 wrote:
    > Hello everyone,
    >
    > SSH is good to use, but it lead out one safety question, if you keep port
    > '22' open, someone may use sftp to transfer data, it's not permited in our
    > LAN, how to resove the question? Either if have a way to recode the data
    > transfer, just like vsftpd doing, I may check the recode and get to know
    > what's happening, it'll be acceptable also. Thanks for your help!
    >
    > Have a good day!
    >
    > Regards,
    >
    > Joffre


    If you want to prevent data transfer then you'll have to unplug the
    network cable. sftp is a convenient tool but any data transfer that
    can be done via sftp can also be performed over an ssh interactive
    session. You need to re-think your policies and perhaps set up
    usage policies with penalties for employees who willfully violate
    them.

    Doug

  4. Re: How to get sftp more secure?

    tech11 wrote:
    > Hello everyone,
    >
    > SSH is good to use, but it lead out one safety question, if you keep port
    > '22' open, someone may use sftp to transfer data, it's not permited in our
    > LAN, how to resove the question? Either if have a way to recode the data
    > transfer, just like vsftpd doing, I may check the recode and get to know
    > what's happening, it'll be acceptable also. Thanks for your help!



    1. To disable sftp, you can eliminate the Subsystem sftp line from
    your sshd_config file.

    2. I always recommend moving the ssh port away from 22 just because
    there are too many bots out there that attempt brute force attacks
    against ssh at port 22.

    3. If you want to just allow certain users/networks look at the
    AllowUsers option of sshd_config.
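
The three sshd_config settings named in the post above (Subsystem sftp, Port, AllowUsers) can be checked with a small script. This is an added example, not part of the original thread; the sample config, the user names and the network pattern are constructed.

```python
# Added example: audit sshd_config text for the settings named in the post.
# SAMPLE_CONFIG is constructed; the user names and network are made up.
SAMPLE_CONFIG = """\
Port 2222
#Subsystem sftp /usr/libexec/openssh/sftp-server
AllowUsers alice bob@192.168.1.*
PermitRootLogin no
"""


def parse_global(text):
    """Return {keyword: [argument strings]} for the global section.

    Keywords are case-insensitive and '#' starts a comment line. Parsing
    stops at the first Match block, whose settings are conditional.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        if keyword == "match":
            break
        settings.setdefault(keyword, []).append(fields[1] if len(fields) > 1 else "")
    return settings


def audit(text):
    cfg = parse_global(text)
    ports = [int(p) for p in cfg.get("port", [])] or [22]  # sshd defaults to 22
    sftp = any(a.split()[:1] == ["sftp"] for a in cfg.get("subsystem", []))
    users = [u for a in cfg.get("allowusers", []) for u in a.split()]
    findings = []
    if sftp:
        findings.append("Subsystem sftp is enabled")
    if 22 in ports:
        findings.append("sshd listens on the default port 22")
    if not users:
        findings.append("no AllowUsers restriction in the global section")
    return {"ports": ports, "sftp": sftp, "allow_users": users, "findings": findings}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On a live host the effective settings can be dumped with `sshd -T` and passed to `audit`. An empty findings list covers only these three settings; as other replies in the thread point out, an account with a shell can still copy files over the session.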

  5. Re: How to get sftp more secure?

    On Wed, 17 Oct 2007 12:52:40 +0200, goarilla wrote:
    > tech11 wrote:
    >> Hello everyone,
    >>
    >> SSH is good to use, but it lead out one safety question, if you keep port
    >> '22' open, someone may use sftp to transfer data, it's not permited in our
    >> LAN, how to resove the question? Either if have a way to recode the data
    >> transfer, just like vsftpd doing, I may check the recode and get to know
    >> what's happening, it'll be acceptable also. Thanks for your help!
    >>

    > let me be the first to say
    > this post makes no sense please elaborate on your problems and use
    > a spellchecker


    And, stop multi-posting.

    (The OP needs to use a spell checker and you need to use punctuation. :-)

  6. Re: How to get sftp more secure?

    tech11 wrote:
    > Hello everyone,
    >
    > SSH is good to use, but it lead out one safety question, if you keep port
    > '22' open, someone may use sftp to transfer data, it's not permited in our
    > LAN, how to resove the question? Either if have a way to recode the data
    > transfer, just like vsftpd doing, I may check the recode and get to know
    > what's happening, it'll be acceptable also. Thanks for your help!
    >
    > Have a good day!
    >
    > Regards,
    >
    > Joffre


    Try this:

    [joffre@hydrogen ~]$ ssh oxygen cat anyfile > anyfile

    You will find that the file ~/anyfile has been copied from oxygen to
    hydrogen. As Doug says, data can be transferred without using sftp.

    Sarah

  7. Re: How to get sftp more secure?

    Allodoxaphobia wrote:
    > On Wed, 17 Oct 2007 12:52:40 +0200, goarilla wrote:
    >> tech11 wrote:
    >>> Hello everyone,
    >>>
    >>> SSH is good to use, but it lead out one safety question, if you keep port
    >>> '22' open, someone may use sftp to transfer data, it's not permited in our
    >>> LAN, how to resove the question? Either if have a way to recode the data
    >>> transfer, just like vsftpd doing, I may check the recode and get to know
    >>> what's happening, it'll be acceptable also. Thanks for your help!
    >>>

    >> let me be the first to say
    >> this post makes no sense please elaborate on your problems and use
    >> a spellchecker

    >
    > And, stop multi-posting.
    >
    > (The OP needs to use a spell checker and you need to use punctuation. :-)

    punctuation **** punctuation !

  8. Re: How to get sftp more secure?

    On 18 Oct, 17:10, Chris Cox wrote:
    > tech11 wrote:
    > > Hello everyone,

    >
    > > SSH is good to use, but it lead out one safety question, if you keep port
    > > '22' open, someone may use sftp to transfer data, it's not permited in our
    > > LAN, how to resove the question? Either if have a way to recode the data
    > > transfer, just like vsftpd doing, I may check the recode and get to know
    > > what's happening, it'll be acceptable also. Thanks for your help!

    >
    > 1. To disable sftp, you can eliminate the Subsystem sftp line from
    > your sshd_config file.
    >
    > 2. I always recommend moving the ssh port away from 22 just because
    > there are too many bots out there that attempt brute force attacks
    > against ssh at port 22.
    >
    > 3. If you want to just allow certain users/networks look at the
    > AllowUsers option of sshd_config.


    Unfortunately, *ANY* shell can be used to transmit information. Even
    SSH can be used with the FUSE system to prevent a mountable file-
    system of the SSH server. So the underlying policy seems quite
    confusing.

