From: Constantine
Date: Fri, 21 May 2004 01:29:46 -0400
To: freebsd-questions@freebsd.org
Subject: How to secure ftp over SSH (how to make ftpd listen only to 127.0.0.1)?
Message-ID: <40AD93CA.2010308@rbcmail.ru>

Hello,

I am very concerned about the security of my servers. My favourite file-management software does not support any other unix standards than plain ftp.

How is it possible to set up my FreeBSD 5.2.1 in such a way that it will accept ftp connections only from itself, so that iff the login to the system is done via SSH with port-forwarding, then one can open an ftp connection?

(It would be very nice if in this case the username/password is not requested again, i.e. the ftp connection is anonymous and yet the ftp client gets the same rights to files as the SSH-logged user who has the port-forwarding, but this does not sound easily doable.)

To put it in other words, how can I make ftpd listen only to 127.0.0.1?

Constantine.
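
The goal stated in the message (port 21 reachable from the host itself and nowhere else) can be verified from the listening-socket table. The script below is an added example, not part of the original message; it assumes the column layout of FreeBSD's `sockstat -l`, and the sample socket tables are constructed.

```sh
#!/bin/sh
# Added example: check that the FTP control port is bound to loopback only.
# Assumes FreeBSD `sockstat -l` column layout:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Reads sockstat-style lines on stdin. Prints "COMMAND PROTO LOCAL" for each
# TCP listener on the given port (default 21) that is not bound to
# 127.0.0.0/8 or ::1. Returns 1 if any such listener exists, else 0.
ftp_exposed_listeners() {
    awk -v port="${1:-21}" '
        $5 !~ /^tcp/ { next }              # header line, udp, unix sockets
        {
            n = split($6, part, ":")       # port follows the last colon
            if (part[n] != port) next
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") next
            print $2, $5, $6               # listener on a non-loopback address
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: inetd serving ftp on every interface.
SAMPLE_EXPOSED='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
root     inetd      540   5  tcp4   *:21                  *:*'

# Constructed sample: ftpd reachable only through the loopback interface.
SAMPLE_LOOPBACK='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
root     ftpd       701   3  tcp4   127.0.0.1:21          *:*
root     ftpd       701   4  tcp6   ::1:21                *:*'

for sample in "$SAMPLE_EXPOSED" "$SAMPLE_LOOPBACK"; do
    if printf '%s\n' "$sample" | ftp_exposed_listeners; then
        echo "OK: port 21 is loopback-only"
    else
        echo "FAIL: port 21 reachable on a non-loopback address"
    fi
done
# Live use on the server: sockstat -4 -6 -l | ftp_exposed_listeners
```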