Re: Security Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Christopher K. Johnson wrote:

Roger Taranto wrote:

I've just upgraded to FC2, and I'm trying to figure out who to handle a
security access situation. I would like to keep the security on the machine
pretty high since I use it as a firewall, but I also would like to give
access to a friend to update a web site hosted on the computer. She would
be coming in via FTP (for example, DreamWeaver), but is using a cable
connection and therefore won't always be tied to the same IP address.


How do I keep security tight while still allowing her to connect to update
the web site?


Thanks,
-Roger




As a firewall it is a mistake to allow any outside access to services that authenticate without encrypting. So ftp access is a really bad idea. Your best option might be webDAV over ssl. It can be configured on your web server be id/password restricted, and use a test certificate you create for ssl encryption. Another secure alternative is scp, but then you have allowed the person shell login access using ssh as well. If that is not necessary, use the webDAV over ssl.

I would recommend using SFTP with WinSCP (althougn the name it supports sftp too). SCP supports only copying files and therefore the graphical clients must have shell access. This is not needed with SFTP and sftp subsystem is part of openssh for quite a long time.
There are also many "shells" for using scp and sftp only. I'm using http://freshmeat.net/projects/rssh/ .It can even chroot after a few coffees or cokes :) .


Radek



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux