eddy2099
08-13-2002, 07:26 PM
I really want to secure my server as much as possible but still make it simple for authorized personnel to access the sites via FTP.
I was wondering: if I were to install OpenSSH, would that affect the way I FTP, or could I still use the normal method to FTP if I choose to do so?
Thanks
bitserve
08-13-2002, 11:53 PM
I can't think of how OpenSSH would interfere with any existing FTP service.
hostchamp
08-14-2002, 05:21 AM
OpenSSH is for secure shell access; it does not have anything to do with FTP. There are other ways of securing FTP access. If you use FTP, maybe you should consider locking a user to his home directory; this would prevent him from going up to the root and/or viewing other users'/system files.
I know how this could be achieved, but that requires intense manual work, i.e. copying of command/system files to the user folder, editing the passwd, etc., which I do not like. I am sure there must be some global setting for this like they have for proFTPd.
Any expert on restricting users to their home directory on WUFTPd around here? Please advise.
Skeptical
08-14-2002, 08:19 AM
FTP is unencrypted. It's pointless to use ssh only to later use ftp... unless they're both separate accounts with different passwords...
Same with pop emails.
You can use sftp (secure file transfer program) to connect to your server over SSH. The only Windows program that I am familiar with is the PuTTY PSFTP client, which you can download from:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
I'm sure if you search Google you may be able to find a better Windows SFTP program, as the PuTTY one is not ideal for transferring lots of files. Basically, you could sum it up as a DOS-like interface.
But if you're looking for a secure alternative to FTP without additional work, using sftp is what I would recommend.
Skeptical, I'm not sure if you're familiar with POP3s at all, but it is a great alternative to standard POP3, which sends your passwords using plaintext.
It creates an SSL connection to the server, much like when you go to an e-commerce site using https://
eddy2099
08-14-2002, 05:18 PM
Thanks for the feedback. Yeah, I heard of SFTP and thought that OpenSSH causes both telnet and FTP to be accessed securely only.
As for SSH Telnet, I would be the only one accessing the server via it, through an unpublished login. I made sure that no one else has access to it.
As for FTP, I still want those authorized to access the FTP to do so. I am using a RaQ and the FTP has already been set to confine them to their directory only. So that helps.
Thanks again.
bitserve
08-14-2002, 09:40 PM
It sounds like you may be generally confused on what the differences are between telnet, SSH, and FTP services.
I would recommend reading the man pages for telnet and sshd.
man telnetd
man sshd
And then I'm at a loss on where to send you for information on FTP.
Or you could just read all of the RFCs at:
http://www.faqs.org/rfcs/
Skeptical
08-14-2002, 10:11 PM
Originally posted by brian-WHT
Skeptical, I'm not sure if you're familiar with POP3s at all, but it is a great alternative to standard POP3, which sends your passwords using plaintext.
It creates an SSL connection to the server, much like when you go to an e-commerce site using https://
I just tunnel pop3 through ssh via port forwarding.
Antiarc_PHX
08-15-2002, 12:50 PM
You can tunnel pretty much anything over SSH. Personally, at work, we tunnel VNC and FTP over SSH, as well as POP and SMTP when outside of the company network. We couldn't get SMTP_AUTH compiled into sendmail for a plethora of reasons, so we have our network allowed to relay by IP, and everyone else blocked. Therefore, we couldn't send mail through our SMTP servers from the road or whatnot. So, we just tunnel SMTP over SSH to a box inside of our network, the source IP registers as the IP of the internal box, and we're through.
You can secure pretty much anything this way, as well. VNC is a great example - passwords are cleartext, so it's a good idea to use a tunnel. If you don't have POP3s installed, tunneling is a good alternative.
Now I gotta figure out how to tunnel Samba :)
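
The port-forwarding setup described in the last two posts, written as an OpenSSH client configuration. This is an added example, not part of the original thread; the host alias, host names, user name and local port numbers are placeholders chosen for illustration.

```sshconfig
# ~/.ssh/config  (added example; every name below is a placeholder)
Host mail-tunnel
    # SSH server that sits inside, or can reach, the internal network
    HostName gateway.example.com
    User alice

    # LocalForward [bind_address:]local_port  target_host:target_port
    # Binding to 127.0.0.1 keeps other machines on the client's LAN
    # from connecting through the tunnel.

    # POP3 (110) on the internal mail server
    LocalForward 127.0.0.1:1110 mail.internal.example:110
    # SMTP (25): the mail server sees the gateway's address as the source
    LocalForward 127.0.0.1:1025 mail.internal.example:25
    # VNC display :0 (5900), assumed to run on the gateway itself
    LocalForward 127.0.0.1:5901 127.0.0.1:5900

    # Abort the connection if any forward cannot be set up, so the mail
    # client never silently falls back to an unprotected path.
    ExitOnForwardFailure yes

    # The tunnel needs no terminal on the gateway.
    RequestTTY no

    # Drop dead sessions instead of leaving stale forwards around.
    ServerAliveInterval 30
    ServerAliveCountMax 3

    # Note: only the hop from the client to gateway.example.com is
    # encrypted. Traffic from the gateway to mail.internal.example still
    # travels in cleartext on the internal network.
```

Start it with `ssh -N mail-tunnel`, then point the mail client at 127.0.0.1 port 1110 for POP3 and port 1025 for SMTP, and the VNC viewer at 127.0.0.1:5901.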