How to get sftp more secure? - Setup


Thread: How to get sftp more secure?

  1. How to get sftp more secure?

    Hello everyone,

    SSH is good to use, but it leads to one safety question: if you keep port
    '22' open, someone may use sftp to transfer data. It's not permitted in our
    LAN, so how to resolve the question? Or, if there is a way to record the data
    transfer, just like vsftpd does, I may check the record and get to know
    what's happening; that would be acceptable also. Thanks for your help!

    Have a good day!

    Regards,

    Joffre




  2. Re: How to get sftp more secure?

    In comp.os.linux.setup tech11 :
    > Hello everyone,


    > SSH is good to use, but it leads to one safety question: if you keep port
    > '22' open, someone may use sftp to transfer data. It's not permitted in our
    > LAN, so how to resolve the question? Or, if there is a way to record the data
    > transfer, just like vsftpd does, I may check the record and get to know
    > what's happening; that would be acceptable also. Thanks for your help!


    Just remove the sftp subsystem from sshd_config, probably force
    ssh protocol 2 only, reload ssh, done. Though one could still
    use scp or even ssh to transfer data.

    Alternatively enhance sshd logging (sshd_config(5)) and see what
    it can do for you in regards to logging file transfers.

    Good luck

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 226: A star wars satellite accidentally blew up
    the WAN.
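
The two suggestions in the reply above (drop the sftp subsystem, or raise logging), checked against a config file. This is an added example, not part of the original posts; `-l` and `-f` are options of OpenSSH's sftp-server(8), while the function names, paths and sample config are constructed, and Include files are assumed absent.

```shell
#!/bin/sh
# Added example, not from the thread. Reads global settings only:
# parsing stops at the first Match block, and Include files are not followed.

# Print the command configured for "Subsystem sftp", or nothing if absent.
sftp_subsystem() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "subsystem" && $2 == "sftp" {
             $1 = ""; $2 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print the value of the legacy Protocol keyword, or nothing if absent.
ssh_protocol() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "protocol" { print $2; exit }' "$1"
}

# One finding per line; returns 1 while the sftp subsystem is enabled.
audit_sshd_config() {
    cmd=$(sftp_subsystem "$1"); proto=$(ssh_protocol "$1"); rc=0
    if [ -z "$cmd" ]; then
        echo "sftp: no subsystem configured (scp and plain ssh still work)"
    else
        rc=1
        case " $cmd " in
            *" -l "*) echo "sftp: enabled, sftp-server log level set: $cmd" ;;
            *) echo "sftp: enabled, no -l given (sftp-server defaults to ERROR)" ;;
        esac
    fi
    case "$proto" in
        "") echo "protocol: not set, version default applies" ;;
        2)  echo "protocol: 2 only" ;;
        *)  echo "protocol: '$proto' allows protocol 1" ;;
    esac
    return $rc
}

# Constructed sample configuration, embedded so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2,1
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
Match User backup
    ForceCommand internal-sftp
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

At log level INFO, sftp-server records the transactions it performs for the client through syslog, which is the closest equivalent to the vsftpd transfer log asked about in the first post.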

  3. Re: How to get sftp more secure?

    "tech11" writes:

    > SSH is good to use, but it leads to one safety question: if you keep port
    > '22' open, someone may use sftp to transfer data,


    Also ssh.

    > it's not permitted in our LAN, how to resolve the question?


    Don't allow remote login. If you allow someone remote login, then you
    will have an awful hard time preventing them transferring files.
    Just think of this command:

    ssh machine2 'tar cf - /etc/*' | tar xf -

    Vilmos
