SSH/VPN and FTP: How do I use them?

dingdongbubble said:

OK I am not an expert in computers so please dont thik that I am an idiot.

What is SSH and VPN? How can I use them? Do they take a lot of bandiwdth? Are they hard to configure?

FTP: What is its primary use? Where do people most often use it? Can I transfer using an FTP client across a LAN or over the internet to some friend?

Click to expand...

SSH - Secure Shell to Remote Server (Typically 'Nix)
VPN - Virtual Private Network - Connecting to a remote location as if it was locally accessible (check me on this, not sure)

FTP - File Transfer Protocol - Typically used to transfer files from one location to another...

Use depends, SSH is as easy as typing ssh ip -p port into terminal, but actually being able to use a shell depends on the target system and takes experience.

Most of these protocols are bandwidth efficient that it depends on the files you're transferring, the overhead is small, but transferring a 1GB file will use up 1GBs of bandwidth.

You can use FTP for that purpose, but one of you will need to establish an FTP server on your machine.

Your questions seem to be all over the place, so you probably have another idea in mind (such as transferring files to a friend), so in that case it might be better to ask that directly

dingdongbubble said:

OK I got CrossFTP Server. Will it be ok for basic FTP across the internet?

Click to expand...

I use Fugu for secure (encrypted) FTP and I like it quite a bit. I don't know about yours, but probably it is OK.

SFTP is a good option to transfer files from one computer to another, but it may be a bit complicated to do it between your home computer and your friends computer in another home. Not that the software is complicated to use, but you need to know IP address of your friends computer. Kind of like, you need to know the phone number before you can call that person. Home internet connections unfortunately do not have fixed, easy to track numbers, so it takes a bit of work to figure it out. Your ISP, let's say Comcast or Verizon, assigns your home a number, but that number may change over time. Besides, most people use routers and wireless base stations that assign additional sets of numbers to the computers inside the house and may not make those numbers visible from the outside for security reasons.

Please try and explain exactly what is that you are trying to do. At the moment I am confused, first of all you said that you want to be able to access your friends machine via FTP and now you seem to be configuring an FTP server.

If you are using a windows machine...

then I would use Filezilla for your ftp server. It is very easy to configure, and you can give discrete users different access to different folders on your drive based on group or individual. As far as setting it up through the router, you will need at least port 21 open and passed through to the xp machine, and you might be able to just turn on UPNP on you router to take care of the rest. That might even work with the port 21 thing. Port 21 is the negotiation port, the transfers actually happen on a higher port.

So CrossFTP is a Java based FTP server? Yikes, sounds like doing it the hardway, or rather not the way I'd do it.

Get Filezilla like suggested above ^^^. Keep note of the port it is using default:14147.
Put in a password. And start the server.

Now go to the Users and make some accounts, add passwords for them, and then setup some Shared Folders.

From the WAN you can have people connect to your world IP and the correct port (make sure this port is forwarded by your router to the server computer). And you should be able to see whatever folders you've shared at this point.

For starters, FTP is incredibly insecure. All usernames and password are sent in cleartext. But since you're using it, make sure you chroot people into their own accounts.

In order to make this work, you have to open up the requisite ports on your router and point them to your Mac. Ports 20 and 21 need to be opened and clients need to use active FTP.

what type of files are you trying to share?

music? documents?

you could always find free hosting and upload your files to the server, put a password on the directory so only authorized users can access the files..

IMO much easier for what you are trying to achieve

Your Router must have ports 20 & 21 open and port forwarded to your machine that is hosting the FTP server. And then, the clients MUST use active FTP to connect. Passive won't work. Most FTP clients use passive by default.

Use netstat -n to ensure that your ftp service is functional. Make sure your software firewall is off as well.

dingdongbubble said:

Well there is an assortment of file types. I dont think uploading 50-60 GB of files would be a good idea. and I am doing this so transfers between people are easier. Uploading all that while not being sure that my friends will ever require certain files is stupid for me.

Opening/Forwarding port 20 did not help. The point over ehrer is that my FTP server is fine and all that. Problem over here is I think because I am behind a router and my computers IP is hidden or inaccessible from the WAN.

Click to expand...

Read this link, it's a nice summary of active vs. passive ftp, which as yellow stated is why it's not working for you.

http://slacksite.com/other/ftp.html

EDIT: Should also note, a far better solution would be SecureFTP (SFTP), which would solve a lot of your problems by only needing to forward port 22, not to mention being a lot more secure. Just set up a guest account and give all your friends the username and password. Much simpler from the port-forwarding perspective and more secure...

jim.arrows said:

EDIT: Should also note, a far better solution would be SecureFTP (SFTP), which would solve a lot of your problems by only needing to forward port 22, not to mention being a lot more secure. Just set up a guest account and give all your friends the username and password. Much simpler from the port-forwarding perspective and more secure...

Click to expand...

Agreed, SFTP is much more secure.

But you cannot chroot an SFTP account, right?

yellow said:

Agreed, SFTP is much more secure.

But you cannot chroot an SFTP account, right?

Click to expand...

Dunno, I'm a Cisco guy, not an SA; but just reading the thread, I don't think he'll be setting up a chroot environment in the near term -- possibly down the line, but not in the near term.

I would recommend that you turn off anonymous FTP on the server as it will allow anyone to connect as anonymous and depending on the FTP server software, all it may log is the IP address of the connecting machine.

Just turn on "Remote Access" and you can then SFTP to your heart's content.