[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] SMB options

SSH is the way to go...I use a chroot'd jail environment for upload and 
only permit RSA PKI authentication for secure copy (SCP) upload.  Since 
most of our users are mere mortals, I advise WinSCP as the winX client 
software (not sure if there's a GNU equivalent), but the savvys usually 
use the SCP command line tools.  Admittedly, it's a bit of 
administrative overhead, but at least I get some shuteye :0)  This is 
also good because the savvys have a dummy login shell with only the 
commands necessary for file transfer (cp, rm, mkdir, mv, etc.....but NO 
su).  Here are some references:

Jailchroot project


and my favorite book of all time (SSH Definitive Guide):

Joe Sechman

> David Hamm wrote:
>> Hello,
>> I have an FTP server sittting on the Internet.  One group of users
>> uploads files via FTP the other group downloads those files via SMB.
>> Securing SMB communications in most cases is handeled by listing the
>> SMB users's IP address in an IPTables rule with a -j ACCEPT.  But
>> recently I gained an SMB user an ALLTel's network and ALLTel blocks
>> port 135.  The only options I can come up with is eithher FreeSwan or
>> PopTop and from recent experiences I'm not excited about using
>> either.  I wonder if I could run SMB on another port? Under Linux I
>> don't see a problem but the Windows workstations mounting the share
>> can't be modified since they also participate in an SMB based LAN.
>> Any suggestions are welcomed.
> Personally, I think you're absolutely insane to be permitting Windows 
> file sharing over the internet.  You're just asking for trouble.
> You should find a different solution. What about ssh?