Home > IT Answers > Microsoft Windows > FTP over SSH on Windows
Labnuke99
26360 pts.
0
Q:
FTP over SSH on Windows
Windows server, FTP Over SSH, FTP, SSH, gene6
Has anyone ever set up a Windows server for FTP over SSH? The FTP server I use is Gene6 (hosts over 100 user accounts). If you have not used that particular FTP server application, which one do you use and why?

Thanks!
ASKED: Feb 19 2009  10:03 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
Edhacker
15 pts.
0
A:
 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0
  • AddThis Social Bookmark Button
You could use an SSH server, running on your Windows server to provide a Secure-FTP (SFTP) service. Google turns up several good descriptions on this, like this one:

http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows

I would recommend Van Dyke (http://www.vandyke.com) for one of many good commercial SSH server implementations for Windows. Open source alternatives include the SSHWindows project (http://sshwindows.sourceforge.net).

In any case, follow best practices for allowing access to your server, including:
- configure the SSH server to only allow the minimum access necessary, including restricting or disallowing interactive SSH command line access
- use distinct accounts for the fewest users possible, ideally an individual account per user
- use public key authentication where possible instead of username / passwords (requires out-of-band or secure distribution of the keys)
- enable SSH server logging and ensure your log monitoring tools are receiving events from the SSH server

Note this is an incomplete list, just off the top of my head.

Hopefully this helps.
Regards,
AP
Last Answered: Feb 19 2009  11:42 PM GMT by Edhacker   15 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Petkoa   985 pts.  |   Feb 20 2009  6:39PM GMT

Hi,

it’s quite tricky to set ssl/tls ftp - for the same reasons ftp is tricky for natting and firewalling: control channel, data channels on various ports, encryption of just control channel, but not data channels etc., etc… - but I believe you are aware of this. I’d agree with Edhacker, that most convenient way would be to set up ssh server instead of ftp server and use scp and sftp - there are some cool gui-clients for windows (winscp, sftp plugin for the Total Commander, etc.)

If, however, your users insist on using their favorite ftp-clients, offer them ssh-tunneling option. You have again to set up ssh server on the ftp server host, and instruct users how to build and use ssh tunnels. Most ssh clients don’t support ftp-tunneling - again because of “data channels” scheme, but some have “helpers” - just like in linux connection tracking. In fact, the only such client I have used is appgate’s MindTerm. It is still alive, and if it’s licensing is OK for you, your users are happy.

Some years ago I had prepared presentation on this and some close topics, you can still can find it on:

 <a href="http://cose.math.bas.bg/CSE/M4/PAlovConnectivity.pdf" title="http://cose.math.bas.bg/CSE/M4/PAlovConnectivity.pdf" target="_blank">http://cose.math.bas.bg/CSE/M4/PAlovConn…</a>

pp. 19-20 deal with MindTerm setup for ftp tunneling.

But anyway, ftp is outdated - better use scp/sftp.

Good luck,

Petko

 
0