[ale] SMB options
David Hamm
ale at spinnerdog.com
Sun Jan 11 21:02:07 EST 2004
I'm sorry but my clients wouldn't accept using a command line tool to download
files. Sure I can distribute WinSCP and write a script that would write a
batch file and email it to the user so they could download the files. But,
full file management is a necessity. And training the user isn't realistic
turnover is high enough that retraining would be frequent.
Thanks for your help.
On Sunday 11 January 2004 11:36 am, Joe Sechman wrote:
> SSH is the way to go...I use a chroot'd jail environment for upload and
> only permit RSA PKI authentication for secure copy (SCP) upload. Since
> most of our users are mere mortals, I advise WinSCP as the winX client
> software (not sure if there's a GNU equivalent), but the savvys usually
> use the SCP command line tools. Admittedly, it's a bit of
> administrative overhead, but at least I get some shuteye :0) This is
> also good because the savvys have a dummy login shell with only the
> commands necessary for file transfer (cp, rm, mkdir, mv, etc.....but NO
> su). Here are some references:
>
> Jailchroot project
> http://www.jmcresearch.com/projects/jail/
>
> WinSCP
> http://winscp.sourceforge.net/eng/
>
> and my favorite book of all time (SSH Definitive Guide):
> http://www.bookpool.com/.x/odr44xorc0/sm/0596000111
>
> -Cheers,
> Joe Sechman
>
> > David Hamm wrote:
> >> Hello,
> >>
> >> I have an FTP server sittting on the Internet. One group of users
> >> uploads files via FTP the other group downloads those files via SMB.
> >> Securing SMB communications in most cases is handeled by listing the
> >> SMB users's IP address in an IPTables rule with a -j ACCEPT. But
> >> recently I gained an SMB user an ALLTel's network and ALLTel blocks
> >> port 135. The only options I can come up with is eithher FreeSwan or
> >> PopTop and from recent experiences I'm not excited about using
> >> either. I wonder if I could run SMB on another port? Under Linux I
> >> don't see a problem but the Windows workstations mounting the share
> >> can't be modified since they also participate in an SMB based LAN.
> >> Any suggestions are welcomed.
> >
> > Personally, I think you're absolutely insane to be permitting Windows
> > file sharing over the internet. You're just asking for trouble.
> >
> > You should find a different solution. What about ssh?
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list