From owner-freebsd-questions@FreeBSD.ORG Sat May 22 02:53:56 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 073BB16A4CF for ; Sat, 22 May 2004 02:53:56 -0700 (PDT) Received: from main.gmane.org (main.gmane.org [80.91.224.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6668143D31 for ; Sat, 22 May 2004 02:53:55 -0700 (PDT) (envelope-from freebsd-questions@m.gmane.org) Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1BRTCR-0007VB-00 for ; Sat, 22 May 2004 11:53:51 +0200 Received: from r2i215.mistral.cz ([62.245.72.215]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 22 May 2004 11:53:51 +0200 Received: from element by r2i215.mistral.cz with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 22 May 2004 11:53:51 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Pavel Duda Date: Sat, 22 May 2004 11:54:31 +0200 Lines: 30 Message-ID: References: <40AD93CA.2010308@rbcmail.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: r2i215.mistral.cz User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en In-Reply-To: <40AD93CA.2010308@rbcmail.ru> Sender: news Subject: Re: How to secure ftp over SSH (how to make ftpd listen only to 127.0.0.1)? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 May 2004 09:53:56 -0000 Constantine wrote: > Hello, > > I am very concerned about the security of my servers. My favourite > file-management software does not support any other unix standards than > plain ftp. > > How is it possible to set up my FreeBSD 5.2.1 that way, that it will > accept ftp connections only from itself, so that iff the login to the > system is done via SSH with port-forwarding, then one can open > ftp-connection? > > (It will be very nice if in this case the username/password is not > requested again, i.e. the ftp connection is anonymous and yet the > ftp-client gets the same rights to files as SSH-logged user, who has the > port-forwarding, but this does not sound like easy doable.) > > Put it in other words, how can I make ftpd listen only to 127.0.0.1? > > Constantine. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > I've forgot about hosts.allow it should work as well if you dont want to use ipfw.