[SLE] setting up ftp server under Suse 10.1?



Hello, group!

My new employer insists on having an FTP service running on one of our
servers, despite warnings that we should use scp instead. i've never
set up an ftp server, i'm looking for help...

Yast has a TFTP setup module, but it is very bare. It doesn't allow any
configuration options except to enable/disable it and open/close the
appropriate firewall port. After poking around a bit i can see that it
wants to run tftp via xinetd, but:

a) i can't see where to configure it, e.g., which users are allowed to
ftp in.

b) Connecting over ftp times out if i have the SuseFirewall running
(even though the tftp port has been opened). If the SuseFirewall is
shut down the connect fails immediately, which leads me to believe that
xinetd is not getting the request or is immediately denying it.


My /etc/xinetd.d/tftp file looks like (comment lines excluded):

service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
    server_args = -s /tftpboot
    disable     = no
}


The directory /tftpboot does exist but is empty. i would like to (need
to) configure it such that the machine's users can log in and are
directed to their own home directories.

Looking at the tftp log in Yast shows this:

Aug 26 16:13:38 syntax xinetd[20988]: Reading included configuration
file: /etc/xinetd.d/tftp [file=/etc/xinetd.d/tftp] [line=17]

However, line 17 is the last line and it is empty. ???

The machine is behind a firewall which redirects the ftp port to the
Linux box on which tftp is running. Do we need to open/forward another
range of ports on the firewall?

Any tips would be appreciated. i am not averse to installing another ftp
server package, if that's necessary.


PS: despite how tempting it will be for many of you, please don't preach
to me about the insecurity of ftp. i'm fully aware of this. The Boss
wants ftp, so ftp he gets. The first time the machine is cracked via
ftp, i'll tell him "i told you so" and will then get my way (only
ssh/scp connections).

--
----- stephan@xxxxxxxx http://s11n.net
"...pleasure is a grace and is not obedient to the commands
of the will." -- Alan W. Watts
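
Added example, not part of the original post: a small Python parser for the xinetd stanza quoted above that reports which protocol and port the entry actually puts on the network, compared against the well-known FTP control port. The WELL_KNOWN table uses the IANA assignments (ftp 21/tcp, tftp 69/udp); the function names and the result fields are hypothetical.

```python
import re

# Well-known assignments for the two protocols (IANA service registry).
WELL_KNOWN = {"ftp": ("tcp", 21), "tftp": ("udp", 69)}

# Sample input: the stanza quoted in the post, re-indented.
STANZA = """\
service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
    server_args = -s /tftpboot
    disable     = no
}
"""

def parse_xinetd(text):
    """Parse xinetd 'service NAME { key = value }' stanzas into a dict."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        if line.startswith("service "):
            current = services.setdefault(line.split(None, 1)[1], {})
        elif line == "}":
            current = None                    # end of stanza
        elif current is not None:
            m = re.match(r"(\w+)\s*[+-]?=\s*(.*)", line)
            if m:                             # the '{' line does not match
                current[m.group(1)] = m.group(2).strip()
    return services

def exposure(name, attrs):
    """Summarise what a stanza listens on; None if the service is disabled."""
    if attrs.get("disable", "no").lower() == "yes":
        return None
    default_proto, default_port = WELL_KNOWN.get(name, (None, None))
    proto = attrs.get("protocol", default_proto)
    port = int(attrs["port"]) if "port" in attrs else default_port
    return {"service": name, "protocol": proto, "port": port,
            "run_as": attrs.get("user"),
            "answers_ftp_clients": (proto, port) == WELL_KNOWN["ftp"]}

if __name__ == "__main__":
    for name, attrs in parse_xinetd(STANZA).items():
        print(exposure(name, attrs))
```

For the stanza above this reports a UDP listener on port 69 started as root, with answers_ftp_clients set to False: TFTP is a separate protocol from FTP and has no login step.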
