"It worked for me" my buttox

Started by capnpop, April 27, 2007, 08:32:10 AM

capnpop

<rant>
So, the company I work for was hired to set up a secure ftp server to expedite the transfer of files for a company.  Their old method was to copy the files to a thumb drive and mail it half way across the country, wait for the files to be manipulated, then have the thumb drive sent back.

Try 1: Looked for the cheapest possible thing we could find that had the storage they needed.  Found, but not good enough.  There was no security on the FTP at all, other than standard username/password, and we needed some encryption.

Try 2: Use an OS to drive everything from A-Z.  It provides encryption, permissions, backup solutions, and everything else we needed.  Salesmen went and sold it before talking to me and letting me research it.  It requires physical access to the server to install (at least the first disk in the drive plus the additional disks uploaded since there is no online repository) and since I'm in SD and the server is in TX or California there is no way to do it.  After telling my boss that it isn't going to work he suggests throwing money at it if I need to.  It didn't work out.

Try 3: Hire another outside company to secure our server and then use a secure FTP on that server.  After dealing with one guy for about a week I get him hired to harden the server and set up the FTP for us.  He does it and I try signing onto the FTP.  I initially get in and notice there are no folders or files in the directory.  That's understandable, the home folder is empty.  I add a file and it shows up.  I try downloading it and it downloads fine (I think). I add something to the file and try again.  The file comes but it's empty.  Ok, so it shows files but doesn't let me download them.  I check permissions, they're fine.  I add a folder via the FTP client and nothing shows up.  I SSH in and the folder is there in the home folder of the user.  Jump ahead 26 hours: I'm now unable to get a file or folder list of the home directory and the result is a connection with NOTHING showing up in the file/folder list OR it times out for some reason but NOTHING shows up in any error logs.  The SSL/TLS authentication goes through without a problem...  The best part: the guy I had set it up says that it worked fine for him and that I should check my firewall settings...after that I tried to connect via a WIDE OPEN workstation (it's on the internet with no firewall) and still get a timeout...


AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

/eyestab...

</rant>

In any case, I now e-mailed the guy I hired to do it before and asked if he could set up the users for me.

Khanus

Can you ping the FTP from behind your firewall or even with it disabled? Just for testing purposes try disabling SSL, and do what you did before. If there is nothing on the box as of yet, testing it without SSL encryption shouldn't be a problem. Make sure the "It worked for me guy" wasn't testing the FTP on a console in the same network as the FTP as well. If he was, tell him he's a re re to tell you it worked for me, and he didn't check the FTP like an actual end user would.

Also, can't the company just make a VPN tunnel from one location to another so their whole company is on one virtual network? That might be a better solution than the FTP depending on the volume of information that needs to be moved around.

voctovian

I feel your pain Capn, I have been there.  It shouldn't be so tough.  If you can ssh to the box, then sftp should work too.  I have noticed that there is very poor compatibility with sftp clients though.  This is so annoying compared to ftp.. argh.

If you are using windows as the client, ws-ftp (www.ipswitch.com) seems to be a little more compatible than putty.  It offers great scripting support too.  For linux/unix, I have to support fellow Calgarian Theo de Raadt: OpenSSH (www.openssh.com), although I haven't done much with it.

For the server side, if you want a trivial solution (in windows), ws_ftp server and servu (www.serv-u.com) are products I have used.  Both are easy installs and not too expensive.  Ideally, you may want a verisign cert though, which is pricey, or deal with an error box.  These solutions are cost effective (<$1k)

Ping me if you are stumped.

Voc

Khanus

I can vouch for the Serv-U product; been using it for a few years now.

Shadowwolf

If it's Windows......god help you because you'll need it, especially if you are having to do this through IIS. If it is, you are going to have to buy a Verisign or Thawte cert or it will be hassle upon hassle to get a custom cert to authenticate right.

Client wise, since you seem to have some users who might get easily confuzzled, http://www.cuteftp.com/. Works great, drag and drop, way easy to use.

If you're using Linux, I'd recommend http://vsftpd.beasts.org/. That's all I use really unless the clients prefer something else. It's simple, solid, doesn't come with a lot of unneeded services/ports open and supports all the stuff anyone could ever really want in regards to an FTP.

C_Kermit might also be something worthwhile to look at client side, it's scriptable so you could essentially write a script that does everything it should, eliminating the requirement of user involvement. http://www.columbia.edu/kermit/ck80.html
Come to the darkside, we have cookies.
"A flute with no holes is not a flute, and a donut with no hole is a danish" - Chevy Chase as Ty Webb in Caddyshack
"Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind."- Dr. Suess


fiere redfern

Yakov sez: "Also, can't the company just make a VPN tunnel from one location to another so their whole company is on one virtual network? That might be a better solution than the FTP depending on the volume of information that needs to be moved around."

The company I work for does that since there are people who work from a home office or need to travel 200 days out of the year or whatever. Me being an intern (yay >.<) I don't have access to it so I can't tell you EXACTLY how it works - but it would definitely be something to look into for data retrieval.

Just my $0.02

-Fi

capnpop

I R not smart enough to do too much.  Got sick of waiting for the guy we hired to do it to get it done so I did SFTP and had to tweak the heck out of the permissions to get it to work right.  It works now and I just spent about 2 hours putting together an installation documentation for the clients so they can set up the FTP client we are giving them.

On a separate note: Anyone good at cron jobs / bash scripting?

I get to construct a script to take files from folders and copy just the files to a back up folder and to copy it only if it's a newer version than the version that may or may not be backed up already.  I also need something that deletes the files in the backup if they are 4 months old...

oh fun...
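
One way to write the backup job asked about in the post above, as an added example that is not part of the original thread. The function names `backup_newer` and `prune_backup`, the 120-day default standing in for "4 months", and the crontab path are assumptions.

```shell
#!/bin/sh
# Added example; directory names and the schedule are placeholders.
# Hypothetical crontab entry (02:15 nightly), with this file saved as a
# script that ends by calling the two functions:
#   15 2 * * * /usr/local/bin/sftp-backup.sh

# backup_newer SRC_DIR BACKUP_DIR
# Copies every regular file under SRC_DIR (any depth) flat into BACKUP_DIR,
# but only when the backup copy is missing or older than the source.
# Same-named files from different folders collide; the newest one wins.
backup_newer() (
    src=$1; dst=$2
    umask 077                      # backups readable by the owner only
    mkdir -p -- "$dst" || exit 1
    find "$src" -type f -exec sh -c '
        dst=$1; shift
        for f in "$@"; do
            target=$dst/${f##*/}
            if [ ! -e "$target" ] || [ "$f" -nt "$target" ]; then
                # copy to a temp name, then rename, so a half-written
                # copy never replaces a good backup
                tmp=$target.part.$$
                cp -- "$f" "$tmp" && mv -f -- "$tmp" "$target" ||
                    { rm -f -- "$tmp"; exit 1; }
            fi
        done' sh "$dst" {} +
)

# prune_backup BACKUP_DIR [DAYS]
# Deletes backup files last written more than DAYS days ago (default 120,
# roughly four months). cp without -p stamps the copy time, so age is
# counted from the last backup, not from when the source file was modified.
prune_backup() {
    find "$1" -type f -mtime +"${2:-120}" -exec rm -f -- {} +
}
```

A source file that still exists is copied again on the next run after its backup has been pruned, so pruning only removes backups for good once the source file is gone.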