Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Thread Tools Display Modes
  #1   (View Single Post)  
Old 20th November 2013
FrankieKat FrankieKat is offline
New User
Join Date: Nov 2013
Posts: 1
Default OpenBSD ftpd FTP/TLS

I'm looking into setting up a "secure" FTP server, and feel like OpenBSD would be a good choice.

I've configured the core OpenBSD ftpd server and have set up a very workable process to manage file privileges and restrictions using login classes. However, I have not been able to find any information on how/if this can be set up using FTP over TLS, as some clients have legal requirements for over-the-wire encryption for certain data.

Obviously I could look at vsftpd, PureFTPD or use SFTP using OpenSSH, but I would frankly rather use the core as much as possible to minimize attack surface.

Thanks so much.

Reply With Quote
  #2   (View Single Post)  
Old 20th November 2013
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,422

Hello, and welcome! I don't think this is possible with ftpd(8), though of course I could be wrong. I often am.

I believe that the OpenBSD Prroject would have a difference of opinion over what is considered core. OpenSSH is more than a tool that is included in the base with other applications, OpenSSH is an OpenBSD subproject. There are two versions of OpenSSH, a) the OpenSSH included with OpenBSD, and b) Portable OpenSSH, for use with other operating systems: other BSDs, Unix systems, Linux, etc.
Reply With Quote
  #3   (View Single Post)  
Old 20th November 2013
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

Originally Posted by jggimi View Post
Hello, and welcome! I don't think this is possible with ftpd(8), though of course I could be wrong. I often am.
Reply With Quote
  #4   (View Single Post)  
Old 21st November 2013
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,507

Many programs can be run using SSL by the use of stunnel. Unfortunately ftp is not one of them. From http://www.stunnel.org/faq.html?extra=/stunnel.html

FTP over stunnel does not work

Stunnel cannot be used for the FTP daemon because of the nature of the FTP protocol which utilizes multiple ports for data transfers. There are SSL aware FTP servers available.
So you would have to install vsftpd to use FTP over SSL/TLS. But if your clients are familiar with the FileZilla ftp client, you also could use SFTP (FTP over SSH)

As stated at https://wiki.filezilla-project.org/Main_Page :
FileZilla Client is a free, open source FTP client. It supports FTP, SFTP, and FTPS (FTP over SSL/TLS). The client is available under many platforms, binaries for Windows, Linux and Mac OS X are provided.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ftpd - listen port webtc OpenBSD Security 2 13th October 2010 10:37 AM
inetd, ftpd problems jsadm FreeBSD General 7 24th August 2008 08:33 PM
ftpd problem narcotico FreeBSD General 3 11th July 2008 03:08 AM
ftpd and hiding . files crofox OpenBSD Packages and Ports 5 26th June 2008 03:01 AM
pure-ftpd hirohitosan FreeBSD Ports and Packages 3 10th June 2008 06:31 PM

All times are GMT. The time now is 11:53 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick