How to get sftp more secure? (Linux Security forum, System Security and Security Related category)
Hello everyone,
SSH is good to use, but it leads to one safety question: if you keep port '22' open, someone may use sftp to transfer data, which is not permitted in our LAN. How do I resolve the question? Or, if there is a way to record the data transfer, just like vsftpd does, I could check the record and get to know what's happening; that would be acceptable also. Thanks for your help!

Have a good day!

Regards,

Joffre
tech11 wrote:
> Hello everyone,
>
> SSH is good to use, but it lead out one safety question, if you keep port
> '22' open, someone may use sftp to transfer data, it's not permited in our
> LAN, how to resove the question? Either if have a way to recode the data
> transfer, just like vsftpd doing, I may check the recode and get to know
> what's happening, it'll be acceptable also. Thanks for your help!
>
> Have a good day!
>
> Regards,
>
> Joffre
>

let me be the first to say
this post makes no sense please elaborate on your problems and use
a spellchecker
tech11 wrote:
> Hello everyone,
>
> SSH is good to use, but it lead out one safety question, if you keep port
> '22' open, someone may use sftp to transfer data, it's not permited in our
> LAN, how to resove the question? Either if have a way to recode the data
> transfer, just like vsftpd doing, I may check the recode and get to know
> what's happening, it'll be acceptable also. Thanks for your help!
>
> Have a good day!
>
> Regards,
>
> Joffre

If you want to prevent data transfer then you'll have to unplug the network cable. sftp is a convenient tool, but any data transfer that can be done via sftp can also be performed over an ssh interactive session.

You need to re-think your policies and perhaps set up usage policies with penalties for employees who willfully violate them.

Doug
tech11 wrote:
> Hello everyone,
>
> SSH is good to use, but it lead out one safety question, if you keep port
> '22' open, someone may use sftp to transfer data, it's not permited in our
> LAN, how to resove the question? Either if have a way to recode the data
> transfer, just like vsftpd doing, I may check the recode and get to know
> what's happening, it'll be acceptable also. Thanks for your help!

1. To disable sftp, you can eliminate the Subsystem sftp line from your sshd_config file.

2. I always recommend moving the ssh port away from 22, just because there are too many bots out there that attempt brute force attacks against ssh at port 22.

3. If you want to just allow certain users/networks, look at the AllowUsers option of sshd_config.
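Since the three points above are all sshd_config settings, here is an added shell example (not code from the thread) that audits a config file for them, applying the first-value-wins rule sshd uses for the global section; the file names, user names and addresses are constructed for the example.

```shell
# Constructed example (not from this thread): audit an sshd_config for the
# three settings in the reply above. sshd keeps the FIRST value it sees for
# a keyword in the global section, so a "Port 2222" appended at the end does
# not override an earlier "Port 22". Assumes the "Keyword value" form only.

# first_value FILE KEYWORD: print the effective (first) value, or nothing
first_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }  # comments, blanks
        tolower($1) == "match" { exit }                # global section ends
        tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# sftp_server FILE: print the configured sftp server command, or nothing
sftp_server() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "subsystem" && tolower($2) == "sftp" { print $3; exit }
    ' "$1"
}

# audit FILE: summarise the settings; return 1 while sftp is still enabled.
# Keep the thread's caveat in mind: with a shell login, data still moves.
audit() {
    port=$(first_value "$1" Port); users=$(first_value "$1" AllowUsers)
    sftp=$(sftp_server "$1")
    printf 'Port: %s\nAllowUsers: %s\nsftp: %s\n' \
        "${port:-22 (default)}" "${users:-any}" "${sftp:-disabled}"
    [ -z "$sftp" ]
}

# Two constructed configs: a stock one with a misplaced "Port 2222", and one
# hardened along the lines of the reply (port moved, users limited, no sftp).
dir=$(mktemp -d)
cat >"$dir/before" <<'EOF'
Port 22
Subsystem sftp /usr/lib/openssh/sftp-server
Port 2222
EOF
cat >"$dir/after" <<'EOF'
Port 2222
AllowUsers alice bob@192.0.2.0/24
#Subsystem sftp /usr/lib/openssh/sftp-server
Match User alice
    PasswordAuthentication no
EOF
audit "$dir/before" || echo "before: sftp still reachable (and port is 22)"
audit "$dir/after" && echo "after: sftp subsystem removed"
```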
On Wed, 17 Oct 2007 12:52:40 +0200, goarilla wrote:
> tech11 wrote:
>> Hello everyone,
>>
>> SSH is good to use, but it lead out one safety question, if you keep port
>> '22' open, someone may use sftp to transfer data, it's not permited in our
>> LAN, how to resove the question? Either if have a way to recode the data
>> transfer, just like vsftpd doing, I may check the recode and get to know
>> what's happening, it'll be acceptable also. Thanks for your help!
>>
> let me be the first to say
> this post makes no sense please elaborate on your problems and use
> a spellchecker

And, stop multi-posting.

(The OP needs to use a spell checker and you need to use punctuation. :-)
tech11 wrote:
> Hello everyone,
>
> SSH is good to use, but it lead out one safety question, if you keep port
> '22' open, someone may use sftp to transfer data, it's not permited in our
> LAN, how to resove the question? Either if have a way to recode the data
> transfer, just like vsftpd doing, I may check the recode and get to know
> what's happening, it'll be acceptable also. Thanks for your help!
>
> Have a good day!
>
> Regards,
>
> Joffre

Try this:

    [joffre@hydrogen ~]$ ssh oxygen cat anyfile > anyfile

You will find that the file ~/anyfile has been copied from oxygen to hydrogen. As Doug says, data can be transferred without using sftp.

Sarah
Allodoxaphobia wrote:
> On Wed, 17 Oct 2007 12:52:40 +0200, goarilla wrote:
>> tech11 wrote:
>>> Hello everyone,
>>>
>>> SSH is good to use, but it lead out one safety question, if you keep port
>>> '22' open, someone may use sftp to transfer data, it's not permited in our
>>> LAN, how to resove the question? Either if have a way to recode the data
>>> transfer, just like vsftpd doing, I may check the recode and get to know
>>> what's happening, it'll be acceptable also. Thanks for your help!
>>>
>> let me be the first to say
>> this post makes no sense please elaborate on your problems and use
>> a spellchecker
>
> And, stop multi-posting.
>
> (The OP need to use a spell checker and you need to use punctuation. :-)

punctuation FUCK punctuation :D !
On 18 Oct, 17:10, Chris Cox <ccox_nopenott...@airmail.net> wrote:
> tech11 wrote:
> > Hello everyone,
> >
> > SSH is good to use, but it lead out one safety question, if you keep port
> > '22' open, someone may use sftp to transfer data, it's not permited in our
> > LAN, how to resove the question? Either if have a way to recode the data
> > transfer, just like vsftpd doing, I may check the recode and get to know
> > what's happening, it'll be acceptable also. Thanks for your help!
>
> 1. To disable sftp, you can eliminate the Subsystem sftp line from
> your sshd_config file.
>
> 2. I always recommend moving the ssh port away from 22 just because
> there are too many bots out there that attempt brute force attacks
> against ssh at port 22.
>
> 3. If you want to just allow certain users/networks look at the
> AllowUsers option of sshd_config.

Unfortunately, *ANY* shell can be used to transmit information. Even SSH can be used with the FUSE system to present a mountable file-system of the SSH server. So the underlying policy seems quite confusing.