Topic: Customer FTP

[edlentz]

IN the Manual section 14.9, there are instructions for setting up an Ibay so customers could ftp into the folder and get files.  Is this no longer available in 7.0pre4?  I have followed the section instructions to the letter and I can't seem to connect to it.  I have two several Ibays I want to do this with.  This would strictly be download from outside the LAN

Thanks

[Tib]

edlentz

What exactly are you trying to do ... are you trying to access a persons ibay or have you setup a general ftp user.

I have this setup on my system where there is a general ftp login for ppl outside my network ... Also an ftp ibay for the files.

This setup is the same as any other ibay setup .. you just have to allow ftp access to that ibay and also allow external ftp access in the remote access section.

Basicaly I created an ftp user ... created an ftp user group ... put the user into the ftp user group ... created an ftp ibay and set all the group rights.
Set the ftp ibay to accessed from internet with password ... this way you can have more ppl even fron inside the network upload files to the ibay with ease.

Then in Remote access I set allow public access (entire internet)  and accept passwords from anywhere.
With the "User Remote Access" contrib I tied the ftp user into the ftp ibay.

I figured this would be the most secure.

Regards,

Tib

[edlentz]

Tib,
Thanks for replying.  I have a couple of IBays that I want to allow my customers access to.  In the manual in section 14.9 it shows setting up an Ibay where someone from the internet types the URL ftp://FTP://someIBay@foo.com and they get into the ibay with a list of all the files.  They have no upload but download access.  When I try to get to the Ibay I get a password prompt, and even if I put in the password the connection times out.  I can't seem to figure this out.  I am running 7.0pre4.  I know it is still beta but the new docs have this in it so I figured it was still available.

Thanks
Ed

[Tib]

edlentz

FTP is usually ... ftp://username:password@yourserver.whatever

The user will et routed to the correct ibay that you have setup or routed them to.

Your statement ftp://FTP://someIBay@foo.com is not correct ... it thinks that "someIBay" is the user name.

Regards,

Tib

[Mjohnson]

You might consider chroot'ng them to the ibay as well.  

See the Dungog Contrib (See Contribs for SME 7):

Dungog contribs -7b4

Available in an unofficial yum repository yum setup details

Dungog.net GPL

smeserver-remoteuseraccess - combined shellaccess & chroot ftp

[Tib]

Mjohnson

I'm prety sure that one doesn't work in SME7pre4 ... but there is one the dev team did and it works well. When I get home I'll post the location ... I have it running on my system as posted on my first post.

Check this thread about it.

http://forums.contribs.org/index.php?topic=31101.0

Then go to here and D/L the one that works.

http://bugs.contribs.org/show_bug.cgi?id=851

Regards,

Tib

[Mjohnson]

He Tib...

Interesting.  Thank you for pointing that out to me.  I was not aware of the issue.  I have used the Dungog solution, and it worked, except I had only one user chroot'd.  I have not tried it with multiple users locked in different directories.

I will test it out on my demo server.

I really appreciate your correction.

MJ

[edlentz]

Hi guys

I think I will have to find another way.  It looks like what you are using I would have to allow or at least put an entry in for each user.  I could potentially have several hundred users, so that wouldn't  work out so well.  I put in a bug report and they marked it as invalid and suggested I use HTTPS with a password, so I will pursue that.

Thanks again for your help.

[gordonr]

Hi guys

I think I will have to find another way.  It looks like what you are using I would have to allow or at least put an entry in for each user.  I could potentially have several hundred users, so that wouldn't  work out so well.  I put in a bug report and they marked it as invalid and suggested I use HTTPS with a password, so I will pursue that.

Thanks again for your help.

The bug was marked invalid as your server is behind a firewall. That firewall needs to be configured to pass FTP and FTP is an annoying protocol to pass through a firewall. I asked you to reopen it if the problem still exists without the firewall in the way.

[edlentz]

Right you are gordonr.  I found out that my firewall is at fault.  At this time I am hesitant to replace it.  I checked it out and found that there is indeed a bug in the firewall software that I can't fix yet.  I am going to assume that the problem is my firewalls fault since I can FTP behind it.  You suggested I use HTTPS which works fine from outside the firewall.  I am sorry if I made it seem that the bug was marked invalid without explaining.  The invalidity is my fault.

[kruhm]

I figured this would be the most secure.

The most secure way would be to not allow regular FTP access as this is proven to be insecure. The most secure way would be to use SFTP with public/private keys.

One of the main goals of the server is security. Working towards an easily adopted FTP solution is working towards insecurity and against the goals of SME. This is where management needs to direct the dev team correctly.

This way the team doesn't spend time on something that shouldn't be used anyway. Also, it allows the team to focus on other solutions that they should be working on.

Time is limited. Focus on what's most important.

[dmay]

I typically do my best to support SME server. However for a perfect SFTP solution I think SME server comes up short. I use and recommend Titan FTP Server. It is a commercial SFTP product that meets corporate needs very well.

Darrell