Ftp Over Ssl

[ztrauq]

This is somewhat in relation to the previous post on FTP security. I've heard some rumors about an FTP daemon that can run FTP over SSL, as well as the possibility of setting up an SSL tunnel between sites and then running FTP through that. I've also heard from some UNIX experts that you can a secure ftp or secure copy program as a subset of OpenSSH, without allowing a full login to a command shell. Are any of these solutions being looked at for TCH? Right now, TCH security seems good, with FTP's sending passwords in the clear as the only weak point - I'd be interested to know if you're working on solutions other than using File Manager over SSL (which is very cumbersome for uploading large numbers of files, as you can only select them a few at a time).

[idallen]

You can request ssh (Secure Shell) access to your account. That will let you use the

secure "scp" program.

[TCH-JimE]

I would like to point out that you can request a SSH access which is Jailshell only.

 

There is a $10 fee and the approval is completley upto Head Guru so please give a very good reason why!

[ztrauq]

The thing is, I don't really need a shell account - I just want a way of uploading a bunch of files at once in an efficient and secure manner. I understand your security concerns - obviously, you don't want someone with shell access to also have access to another user's directory. Still, does TCH have any plans for installing a more secure uploading method? If so, just tell me and I'll shut up - if not, just tell me why, and what your concerns are. I mean no offense - I'm just looking for solutions. There are hackers out there, and I'd prefer that one of them didn't grab my password and mess up my website, that's all.

 

Any other solutions that people have to at least make the FTP connection somehow a little more secure would also be welcome.

[Fawn]

I am also interested in this option. I don't necessarily require shell access, but I do want a secure means in which to FTP my files. My workplace blocks the port cpanel uses so I am unable to transfer files this way.

 

If there is no other secure method to FTP in place, I will request secure shell access. Please let me know. Thanks.

[ztrauq]

From what I'm hearing, it doesn't look like secured FTP (at least with out special shell access request) will be showing up any time soon. While I don't agree with this decision, I do definitely understand the rationale behind it, as the FTP connections don't have the security headache that allowing people direct shell access to the system can cause.

 

Still, are there any other workarounds to this? I've been using the CPanel over SSL, which is adequate for small posts. Is ther som way, though, to have CPanel upload more files at a time, or upload whole directories?

 

Until there's some other method, though, I just came across something to get around the CPanel limitation. Take all the files you want to upload, and stick them in a standard type of archive (.tgz or .zip). Then, you only have to upload 1 file, which can be uploaded to the directory you want over the encrypted CPanel File Manager. From there, select the file and choose the "Extract File Contents" option. This will then extract all of your files into the current directory.

 

Anyway, hope that helps anyone who wants to transfer a bunch of files in a secure manner. It's a shame that you can't grant someone scp access without a full secure shell login - that would make things a lot simpler.