Secure file transfer in Linux without SSH?
Solution 1
The good old File Transfer Protocol (FTP) was invented for transferring files. To use it in a secure way, you can use ftps (which is not sftp, but ftp over ssl) or set up a vpn connection for security.
When I search for vsftpd+ssl, this is the first result which seems like a reasonable starting point.
Solution 2
The following is simple and awesome:
python -m SimpleHTTPServer 8888
This starts a new http file server for the current directory. Supposing there is a file named foo in the current directory, you can download it like this:
wget http://your.ip.here:8888/foo
Solution 3
You could set up a WebDAV file system over SSL.
Solution 4
You can use any protocol, even unencrypted and without authentication. All you have to do is sign and encrypt your data before you send it:
gpg --armor --local-user senderkey --recipient recipientkey --sign --encrypt cleartextfile
If you are paranoid about login possibilities on the target you can use a combination of
- some network event (that does not open a connection) which is logged by Netfilter (iptables)
- a wget call which is triggered by the logging and gets the file from some web server (the OpenPGP file probably needs to always have the same name then)
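The receiving side of this scheme, as an added example that is not part of the original answer: a successful decryption alone does not show who sent the file, so the check below pins the signer's fingerprint. The helper name, its exit codes and the out-of-band exchange of the sender's fingerprint are assumptions.

```sh
#!/bin/sh
# Added example: receiving side for a file produced by the answer's
#   gpg --armor --local-user senderkey --recipient recipientkey --sign --encrypt cleartextfile
#
# verify_and_decrypt IN OUT EXPECTED_FPR   (hypothetical helper name)
# EXPECTED_FPR is the sender's primary-key fingerprint, assumed to have been
# exchanged out of band. Returns 0 and writes OUT only when IN decrypts and
# carries a valid signature from exactly that key.
# Returns 1 if gpg fails, 2 if the signer is missing or unexpected.
verify_and_decrypt() {
    in=$1; out=$2; want=$3
    tmp=$(mktemp) || return 1

    # --status-fd 1 puts machine-readable results on stdout; the plaintext
    # goes to a temp file so nothing is released before the checks pass.
    if ! status=$(gpg --batch --yes --status-fd 1 --output "$tmp" \
                      --decrypt "$in" 2>/dev/null); then
        rm -f "$tmp"
        return 1
    fi

    # The last field of a VALIDSIG line is the signer's primary-key fingerprint.
    signer=$(printf '%s\n' "$status" |
             awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }')

    # An encrypted-but-unsigned file has no VALIDSIG line at all; a file
    # signed by any other key in the keyring reports a different fingerprint.
    if [ -z "$signer" ] || [ "$signer" != "$want" ]; then
        rm -f "$tmp"
        return 2
    fi
    mv "$tmp" "$out"
}
```

Anyone who holds the recipient's public key can encrypt to it, which is why the signer check, not the decryption, is what authenticates the transfer.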
Solution 5
Seems to me you should be able to restrict the user to just sftp by adding a command="..." directive to the user's authorized_keys file. We're doing that at $work to restrict some user accounts to just rsync.
There's a write-up at http://troy.jdmz.net/rsync/index.html that lays out the process for rsync.
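One way such a forced command can look, as an added example that is not taken from the answer or from the linked write-up: a wrapper that sshd runs instead of whatever the client requested, and that lets through only the sftp server or an rsync server invocation. The install path /usr/local/bin/transfer-only, the function names and the sftp-server location are assumptions.

```sh
#!/bin/sh
# Added example. Hypothetical install path: /usr/local/bin/transfer-only,
# referenced from the account's ~/.ssh/authorized_keys on one line
# (key material elided):
#   command="/usr/local/bin/transfer-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <public-key> client
# Assumption: sshd's sftp subsystem is the external binary below; the path
# differs between distributions.
SFTP_SERVER=/usr/lib/openssh/sftp-server

# classify_request CMD: print "sftp", "rsync" or "deny" for the command the
# client asked for (sshd hands it over in SSH_ORIGINAL_COMMAND).
classify_request() {
    case $1 in
        '')                          echo deny ;;  # interactive shell request
        *[!A-Za-z0-9\ ./,_=:@%+-]*)  echo deny ;;  # metacharacters, quotes, newlines
        "$SFTP_SERVER")              echo sftp ;;
        'rsync --server '*)          echo rsync ;;
        *)                           echo deny ;;
    esac
}

main() {
    case $(classify_request "${SSH_ORIGINAL_COMMAND-}") in
        sftp)  exec "$SFTP_SERVER" ;;
        # Unquoted on purpose so the string splits into arguments; the
        # allow-list above has already excluded every character the shell
        # would interpret, and set -f turns off globbing as well.
        rsync) set -f; exec $SSH_ORIGINAL_COMMAND ;;
        *)     logger -t transfer-only "denied: ${SSH_ORIGINAL_COMMAND-<shell>}" 2>/dev/null
               echo "transfer-only: command not permitted" >&2
               exit 1 ;;
    esac
}

# Act only when sshd invoked us for a connection.
if [ -n "${SSH_CONNECTION-}" ]; then
    main
fi
```

The wrapper limits which program runs, not which paths that program touches; read and write access is still decided by the filesystem permissions of the account.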
Comments
-
guipy almost 2 years
I want to transfer files between two machines over the internet, in a SECURE way. Both machines have Linux (the "server" uses Ubuntu 12 and the "client" uses Mint 14). I DO NOT want to allow ssh to my server, and I want the client to be able to open and read files on server, but it cannot modify/erase things. It's allowed to client copy files to server [or create files there] and copy from server.
I want to share just some directories in my server in the way above explained. Finally, I want to access files in the client in an easy fashion, like GUI mode or something..not using shell, but instead using a windows-like style (like if my remote folder is a local one, but with restricted access as above explained).
Being secure to me means that the connection must be encrypted, and the login could use some private/public key scheme.
What's the best solution for me? I'm trying to find some SFTP configuration that fits my "specification", but the restriction in access is too "peculiar"...I don't know even if SFTP works without allowing ssh.
Thanks very much for any help...
EDIT: Thanks very very much for your help. I really appreciate this! I will evaluate all answers and try to figure out the best solution. By now, I think creating a user that has restricted access/privileges and allowing ONLY this user to do a SSH/SFTP ultra-secured is the best way..."hacks" to avoid ssh really can make things worse (less-secure). My question is a little bit confusing because my "logic" was a little disturbed. Now I can see more clearly...
-
ceejayoz about 11 years
@DanilaLadner Did you read the second-to-last paragraph, which talks about SFTP?
-
Chopper3 about 11 years
I want a pony but you can't always get what you want - how about a VPN and some permissions?
-
Kruug about 11 years
Would Dropbox/Google Drive/SkyCloud/etc. be an option?
-
egorgry about 11 years
VPN seems like the only sane option here based on what I'm reading but my question is why are you opposed to ssh? It's pretty solid and secure when set up correctly. You can use denyhosts, lock it down a million ways, change default port etc.
-
Johnsyweb about 11 years
-
guipy about 11 years
@egorgry: Interesting...it's possible to only allow my client [that will be fixed, same pc always!] to do sftp/ssh on my server? By the way, thanks to you all for helping me...
-
Danila Ladner about 11 years
Sure, quite possible.
-
guipy about 11 years
@Johnsyweb: It seems that rssh, from the link you've posted, can do part of the job [avoiding ssh login, allow only sftp]. But what about the file restriction access? SFTP can deal with it? Thanks a lot for helping me...
-
Darth Android about 11 years
sftp will have whatever file restriction access you set up with permissions on the filesystem. You can set up sftp such that certain accounts require a public key to log in, and can only access the sftp subsystem (not a shell). You might also try ftps, which is ftp's encrypted big brother. ftps + chroot would probably work here.
-
ZaSter about 11 years
The question is confusing. Just a tiny bit of research would find that SCP and SFTP are SSH-based programs. Yet your question asks how to "transfer without SSH", and at the same time you say that you are trying to find an SFTP configuration.
-
voretaq7 about 11 years
Please don't crosspost. You've asked this exact same question on SuperUser ...
-
ceejayoz about 11 years
"Is there a way to limit the SSH access on my server, and then only my client could do ssh/sftp into it?" You mean like a key or strong passphrase? A hacky workaround solution is likely to be far less secure than a properly secured SSH install.
-
rougeExciter about 11 years
Perhaps you're looking for the concept of a "sftp chroot jail"?
-
Michael Hampton about 11 years
See also Allow SFTP but disallow SSH?
-
Danila Ladner about 11 years
Isn't webdav an extension of the HTTP protocol? So files on the disk will be owned by webserver user?