[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Sun Jan 11 22:13:55 2004 -->
- <!--x-from-r13: wfrpuzna ng oryyfbhgu.arg (Xbr Erpuzna) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] SMB options -->
- <li><em>date</em>: Sun Jan 11 22:13:55 2004</li>
- <li><em>from</em>: jsechman at bellsouth.net (Joe Sechman)</li>
- <li><em>in-reply-to</em>: <<a href="msg00434.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00374.html">[email protected]</a>> <<a href="msg00417.html">[email protected]</a>> <<a href="msg00419.html">[email protected]</a>> <<a href="msg00434.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] SMB options</li>
Joe
David Hamm wrote:
>I'm sorry but my clients wouldn't accept using a command line tool to download
>files. Sure I can distribute WinSCP and write a script that would write a
>batch file and email it to the user so they could download the files. But,
>full file management is a necessity. And training the user isn't realistic
>turnover is high enough that retraining would be frequent.
>
>Thanks for your help.
>
>
>On Sunday 11 January 2004 11:36 am, Joe Sechman wrote:
>
>
>>SSH is the way to go...I use a chroot'd jail environment for upload and
>>only permit RSA PKI authentication for secure copy (SCP) upload. Since
>>most of our users are mere mortals, I advise WinSCP as the winX client
>>software (not sure if there's a GNU equivalent), but the savvys usually
>>use the SCP command line tools. Admittedly, it's a bit of
>>administrative overhead, but at least I get some shuteye :0) This is
>>also good because the savvys have a dummy login shell with only the
>>commands necessary for file transfer (cp, rm, mkdir, mv, etc.....but NO
>>su). Here are some references:
>>
>>Jailchroot project
>><a rel="nofollow" href="http://www.jmcresearch.com/projects/jail/";>http://www.jmcresearch.com/projects/jail/</a>
>>
>>WinSCP
>><a rel="nofollow" href="http://winscp.sourceforge.net/eng/";>http://winscp.sourceforge.net/eng/</a>
>>
>>and my favorite book of all time (SSH Definitive Guide):
>><a rel="nofollow" href="http://www.bookpool.com/.x/odr44xorc0/sm/0596000111";>http://www.bookpool.com/.x/odr44xorc0/sm/0596000111</a>
>>
>>-Cheers,
>>Joe Sechman
>>
>>
>>
>>>David Hamm wrote:
>>>
>>>
>>>>Hello,
>>>>
>>>>I have an FTP server sittting on the Internet. One group of users
>>>>uploads files via FTP the other group downloads those files via SMB.
>>>>Securing SMB communications in most cases is handeled by listing the
>>>>SMB users's IP address in an IPTables rule with a -j ACCEPT. But
>>>>recently I gained an SMB user an ALLTel's network and ALLTel blocks
>>>>port 135. The only options I can come up with is eithher FreeSwan or
>>>>PopTop and from recent experiences I'm not excited about using
>>>>either. I wonder if I could run SMB on another port? Under Linux I
>>>>don't see a problem but the Windows workstations mounting the share
>>>>can't be modified since they also participate in an SMB based LAN.
>>>>Any suggestions are welcomed.
>>>>
>>>>
>>>Personally, I think you're absolutely insane to be permitting Windows
>>>file sharing over the internet. You're just asking for trouble.
>>>
>>>You should find a different solution. What about ssh?
>>>
>>>
>>_______________________________________________
>>Ale mailing list
>>Ale at ale.org
>><a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
>>
>>
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
><a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
>
>
>
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00374" href="msg00374.html">[ale] SMB options</a></strong>
<ul><li><em>From:</em> ale at spinnerdog.com (David Hamm)</li></ul></li>
<li><strong><a name="00417" href="msg00417.html">[ale] SMB options</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
<li><strong><a name="00419" href="msg00419.html">[ale] SMB options</a></strong>
<ul><li><em>From:</em> jsechman at bellsouth.net (Joe Sechman)</li></ul></li>
<li><strong><a name="00434" href="msg00434.html">[ale] SMB options</a></strong>
<ul><li><em>From:</em> ale at spinnerdog.com (David Hamm)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00437.html">[ale] Domain name registrars--advice, experience?</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00439.html">[ale] Gnome doesn't seem to like me.</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00434.html">[ale] SMB options</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00446.html">[ale] SMB options</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00438"><strong>Date</strong></a></li>
<li><a href="threads.html#00438"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>