[ale] SMB options
SSH is the way to go...I use a chroot'd jail environment for upload and
only permit RSA PKI authentication for secure copy (SCP) upload. Since
most of our users are mere mortals, I advise WinSCP as the winX client
software (not sure if there's a GNU equivalent), but the savvys usually
use the SCP command line tools. Admittedly, it's a bit of
administrative overhead, but at least I get some shuteye :0) This is
also good because the savvys have a dummy login shell with only the
commands necessary for file transfer (cp, rm, mkdir, mv, etc.....but NO
su). Here are some references:
and my favorite book of all time (SSH Definitive Guide):
> David Hamm wrote:
>> I have an FTP server sitting on the Internet. One group of users
>> uploads files via FTP, the other group downloads those files via SMB.
>> Securing SMB communications in most cases is handled by listing the
>> SMB user's IP address in an IPTables rule with a -j ACCEPT. But
>> recently I gained an SMB user on ALLTel's network and ALLTel blocks
>> port 135. The only options I can come up with are either FreeSwan or
>> PopTop and from recent experiences I'm not excited about using
>> either. I wonder if I could run SMB on another port? Under Linux I
>> don't see a problem but the Windows workstations mounting the share
>> can't be modified since they also participate in an SMB based LAN.
>> Any suggestions are welcomed.
> Personally, I think you're absolutely insane to be permitting Windows
> file sharing over the internet. You're just asking for trouble.
> You should find a different solution. What about ssh?
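
An added example, not the poster's own configuration: one way to get the setup described in the reply (key-only authentication, a chroot jail for uploads, no usable shell) with a current OpenSSH server. It uses the built-in SFTP server instead of SCP plus a dummy shell, which WinSCP also speaks; the group name `uploaders` and the paths under `/srv/upload` and `/etc/ssh/authorized_keys` are assumptions.

```conf
# /etc/ssh/sshd_config (fragment). Group name and paths are assumptions.

# Key-only logins: no passwords, no keyboard-interactive prompts.
# (OpenSSH before 8.7 spells the third option ChallengeResponseAuthentication.)
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no

# In-process SFTP server, so the jail needs no binaries or libraries.
# Replace any existing "Subsystem sftp" line rather than adding a second one.
Subsystem sftp internal-sftp

Match Group uploaders
    # %u expands to the user name. Every component of this path must be
    # owned by root and not writable by group or others, or sshd refuses
    # the login. Give the user a writable subdirectory inside it.
    ChrootDirectory /srv/upload/%u
    # No shell at all: file transfer only, whatever the client requests.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
    # Keys live outside the jail so an uploader cannot add or change them.
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
```

Run `sshd -t` to check the file for errors before reloading the daemon, and keep an existing session open while testing the first login.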