can I serve sftp but not ftp?

Lazarus18

In debt medical student
I grab stuff off of my home computer all the time, and have some stuff set up for friends to grab as well. I know I can ssh in, but sftp would be nice too. How would I set things up to allow sftp transfers, but NOT ftp transfers? The security aspect concerns me.
 
In OS X, if you are running ssh you are also running sftp by default. Sftp is totally separate from ftp and the connection is through the same port as ssh, port 22. I think maybe the authentication and encryption are actually handled by ssh but it passes on commands and such to the sftp-server program. I've never seen sftp run without ssh.
 
In fact, an sftp connection is an ftp connection that passes over an ssh connection. So, I think sftp needs the ftp server.
But you can use the firewall to forbid all ftp access. There are two ports for FTP: the command port, 21 (maybe useful in sftp), and the data port, 20 (only used in active mode). I think port 22 (ssh) is used instead of 20 for sftp transfers.
Try to block both ports 21 and 20, and if sftp doesn't work anymore, try to block packets on port 20 ...
Of course, ports >1024 should also be blocked to avoid passive mode connections.
I hope this helped ...
 
Extra88 was right. You don't need ftp turned on. Turning on ssh ("allow remote login" in the Sharing Preference pane) also turns on sftp. No need to diddle with firewalls and whatnot.
 
Oops, you're right: after a test, an sftp connection launches a dedicated sftp server controlled by the allow remote login preference. Sorry for the bad information.
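Added example, not part of the thread: a way to confirm on your own machine what the posters concluded, namely that sftp is a subsystem of sshd on port 22 and that no FTP server answers on port 21. The sample config text is constructed, the function names are hypothetical, and the location of your real sshd config file is for you to supply.

```python
import socket

# Constructed sample of sshd configuration text (not taken from the thread).
SAMPLE_CONFIG = """\
#Port 22
#Subsystem sftp /old/path/sftp-server
Subsystem sftp /usr/libexec/sftp-server   # handler sshd starts for sftp clients
"""

def sftp_subsystem(config_text):
    """Return the command sshd runs for 'Subsystem sftp', or None if not set."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # simplification: drop comments
        parts = line.split(None, 2)
        # Keywords are case-insensitive in sshd_config; the subsystem name is not.
        if len(parts) == 3 and parts[0].lower() == "subsystem" and parts[1] == "sftp":
            return parts[2]
    return None

def classify_banner(banner):
    """Tell an SSH identification string from an FTP greeting (reply code 220)."""
    text = banner.decode("ascii", "replace").strip()
    if text.startswith("SSH-"):
        return "ssh"
    if text[:3] == "220":
        return "ftp"
    return "unknown"

def probe(host, port, timeout=3.0):
    """Connect and classify the greeting; 'closed' if nothing accepts the connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return classify_banner(s.recv(256))
            except OSError:                       # connected, but no greeting read
                return "unknown"
    except OSError:                               # refused, filtered or unreachable
        return "closed"

def audit(host="127.0.0.1"):
    """Expected on a host serving sftp but not ftp: port 21 closed, port 22 ssh."""
    return {"port 21": probe(host, 21), "port 22": probe(host, 22)}

if __name__ == "__main__":
    print("sftp handler:", sftp_subsystem(SAMPLE_CONFIG))
    print(audit())
```

Run it against a machine you administer; pass the contents of its actual sshd config file to `sftp_subsystem` in place of the sample.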
 