DaemonForums  

#1 phyro, 19th September 2010
couple questions

Just wanted to see if anyone could help me out with a couple of questions.

#1 (FTP) Trying to set up ftpd. I got it all done up, encrypted, chrooted and the whole nine yards, but I need to move it to a port higher than 1053.

How would I do that?

#2 (FTP) I have 4 hard drives mounted to a user's home directory.

The ftp is chrooted to that user's home dir. Is this the best way to set up an ftp site with a few drives? Or is there a better way to allow more than 1 user to access those drives?

IE: wd0 has all the normal partitions. So I made a directory called "uploads" in user A's home directory. Then I mounted wd2 as /home/userA/work and wd4 as /home/userA/finished

What would be the best way to set up a user-based ftp that will allow several users to access all 3 devices in a chrooted ftp site?

#3 (ntpd) Everything appears to be running and configured (as per FreeBSD) but it just won't fetch the time. What would be the rule for pf to allow that to run? (I'm guessing that's the problem.)

#4 What's the best way to encrypt home directories? Or how can I raise the length of the default encryption?

Thanks

#2 Oko, 19th September 2010

ftp doesn't use a specific port. It normally establishes contact on 21 and then uses a random port for communication. Why would you want ftp in the first place? I would suggest you rethink that and use SSH instead (sftp or scp).

#3 shep, 19th September 2010

Quote:
#3 (ntpd) Everything appears to be running and configured (as per FreeBSD) but it just won't fetch the time. What would be the rule for pf to allow that to run? (I'm guessing that's the problem.)
OpenBSD wrote their own, simplified Network Time Protocol daemon.
That might be worth looking at.

http://www.openntpd.org/

#4 phyro, 20th September 2010

Quote:
ftp doesn't use a specific port. It normally establishes contact on 21 and then uses a random port for communication. Why would you want ftp in the first place? I would suggest you rethink that and use SSH instead (sftp or scp).
My ISP blocks the first 1053 ports, so any service I put below that is not accessible by the web. So I wanted to put it on, say, port 2220. The ftp server accepts sftp commands normally, as well as standard ftp. In a perfect world I would eliminate normal ftp altogether and only use sftp on a port +1053. Is there some other way I should go about it?

Thanks

#5 phyro, 20th September 2010

Quote:
Originally Posted by shep
OpenBSD wrote their own, simplified Network Time Protocol daemon.
That might be worth looking at.
Sweet, thanks.

#6 jggimi, 20th September 2010

You can't "move" FTP. It requires ports 20 or 21 for console traffic (depending on active or passive FTP), and random high port numbers for data transfer. Since your ISP blocks the ports, you cannot offer FTP as a service.
Quote:
the ftp server accepts sftp commands normally, as well as standard ftp.
Huh?

If you mean the built-in ftpd(8) server, it does not use the SSH protocol, used by sftp(1) and scp(1).

SFTP was designed to use similar end-user commands, but the underlying communication protocol is very different. And encrypted.

#7 phyro, 21st September 2010

Quote:
If you mean the built-in ftpd(8) server, it does not use the SSH protocol, used by sftp(1) and scp(1).

SFTP was designed to use similar end-user commands, but the underlying communication protocol is very different. And encrypted.
Oh, OK, that's good to know. Does pure support that? Or is there another server that I should use for that then?

thanks

#8 jggimi, 21st September 2010

SFTP is supported by OpenSSH, which is built-in with OpenBSD.

The server is sshd(8), which is typically started via /etc/rc via the sshd_flags variable as set in /etc/rc.conf and overridden in /etc/rc.conf.local. You were asked about it when you installed OpenBSD; if you declined to have sshd run, it will be disabled in /etc/rc.conf.local. Delete the entry to enable it, as it is enabled by default in /etc/rc.conf.

For a complete list of man pages for OpenSSH, please see http://openssh.org/manual.html -- you will want to read at least sftp(1), sshd(8), sshd_config(5), and perhaps the highly useful ssh(1).

#9 jggimi, 21st September 2010

Just to point you in the right direction .... by default, sshd will listen on port 22. You will want to change this. You can set the value of sshd_flags in /etc/rc.conf.local if you wish, but best practice would be to edit /etc/ssh/sshd_config and add a custom ListenAddress, along with other customizations you might make (such as disallowing root login, which is enabled at installation time only to make post-install provisioning easier remotely).

Here are some of my own changes to sshd_config in one of my servers:
Code:
PermitRootLogin no
PasswordAuthentication no
ClientAliveInterval 15
ClientAliveCountMax 3
X11Forwarding yes
AddressFamily inet
KbdInteractiveAuthentication yes

Last edited by jggimi; 21st September 2010 at 12:51 PM.
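
An sshd_config fragment for the setup discussed in this thread (SFTP only, on a port above the ISP's blocked range, several users confined to one directory tree), added here as an example and not taken from any poster's configuration. Port 2220 and /home/userA come from phyro's posts; the group name sftpusers is an assumption.

```conf
# Added example: sshd_config fragment, not from any poster's server.
# Assumptions: port 2220 (mentioned by phyro), a hypothetical group
# "sftpusers", and /home/userA as the tree holding the mounted drives.

# Listen above the ISP-blocked range instead of the default port 22.
Port 2220
AddressFamily inet

PermitRootLogin no
PasswordAuthentication no

# In-process SFTP server: needs no binaries or libraries inside the chroot.
# This replaces the Subsystem line already present in the stock file;
# defining the sftp subsystem twice is a configuration error.
Subsystem sftp internal-sftp

# Members of sftpusers get SFTP only, confined to the shared tree.
Match Group sftpusers
    # The chroot target and every parent directory must be owned by root
    # and not writable by group or others, or sshd refuses the session.
    ChrootDirectory /home/userA
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -t` checks the file for errors before the daemon is restarted. The mounted subdirectories (uploads, work, finished) can be group-writable, since the root-ownership requirement applies only to the chroot directory and its parents.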

phyro, 21st September 2010

Thanks Jggimi

That code was exactly what I needed.