Security Question

Radek Hladik fedora-user.conf at bearbone.twobears.cz
Mon Aug 23 22:43:43 UTC 2004


Christopher K. Johnson wrote:

> Roger Taranto wrote:
> 
>> I've just upgraded to FC2, and I'm trying to figure out how to handle a
>> security access situation.  I would like to keep the security on the
>> machine pretty high since I use it as a firewall, but I also would like
>> to give access to a friend to update a web site hosted on the computer.
>> She would be coming in via FTP (for example, DreamWeaver), but is using
>> a cable connection and therefore won't always be tied to the same IP
>> address.
>>
>> How do I keep security tight while still allowing her to connect to
>> update the web site?
>>
>> Thanks,
>> -Roger
>>
> As a firewall it is a mistake to allow any outside access to services 
> that authenticate without encrypting.  So ftp access is a really bad 
> idea.  Your best option might be webDAV over ssl.  It can be configured 
> on your web server to be id/password restricted, and use a test certificate 
> you create for ssl encryption.  Another secure alternative is scp, but 
> then you have allowed the person shell login access using ssh as well.  
> If that is not necessary, use the webDAV over ssl.
> 
I would recommend using SFTP with WinSCP (despite the name, it supports 
sftp too). SCP supports only copying files and therefore the graphical 
clients must have shell access. This is not needed with SFTP, and the sftp 
subsystem has been part of openssh for quite a long time.
There are also many "shells" for using scp and sftp only. I'm using 
http://freshmeat.net/projects/rssh/ . It can even chroot after a few 
coffees or cokes :) .

Radek
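
The restriction discussed in this thread (SFTP only, no shell, confined to the web root), as an added example that is not part of the original messages: a small check that an sshd_config actually enforces it. It uses OpenSSH's built-in `internal-sftp` and `ChrootDirectory` keywords rather than rssh; the account name `webfriend`, the path `/srv/www` and both sample configs are constructed.

```python
# Required settings inside the account's Match block (OpenSSH keywords).
REQUIRED = {
    "forcecommand": "internal-sftp",  # SFTP server only: no shell, no scp
    "allowtcpforwarding": "no",       # no tunnelling through the firewall
    "x11forwarding": "no",
    "permittty": "no",
}

def match_block(config, user):
    """Collect keywords under a plain 'Match User a,b' line (exact names only)."""
    settings, active = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            active = (len(crit) == 2 and crit[0].lower() == "user"
                      and user in crit[1].split(","))
        elif active:
            settings.setdefault(key, value)  # sshd keeps the first value seen
    return settings

def audit(config, user):
    """Return a list of problems; an empty list means SFTP-only and chrooted."""
    found = match_block(config, user)
    problems = []
    for key, want in REQUIRED.items():
        got = found.get(key, "")
        if got.split()[:1] != [want]:
            problems.append(f"{key}: want {want!r}, found {got or 'unset'!r}")
    if found.get("chrootdirectory", "none").lower() == "none":
        problems.append("chrootdirectory: unset, account sees the whole filesystem")
    return problems

# Constructed sample configs; the account name "webfriend" is hypothetical.
WEAK = """Match User webfriend
    X11Forwarding no
"""
HARDENED = """Match User webfriend
    ChrootDirectory /srv/www
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
"""
```

The check reads only the config text and only the account's Match block, not global defaults; sshd additionally requires the ChrootDirectory path to be owned by root and not writable by other users.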




