As you have seen, FTP generally is a very insecure and easily compromised application. Simply too many cases exist where weak passwords allowed a hacker to gain access and cause damage.
The alternative is SFTP, which has no direct relationship with the FTP protocol. Rather, this protocol depends on the Secure Shell (SSH) protocol for encryption and authentication of the connection.
SSH is the best method currently available to connect to a server. You may hear about several tools that allow you to connect to SSH. Following are some examples of open source tools that support the current version of SSH (SSH-2):
Putty
Terminal (Mac)
WinSCP
FileZilla
Note
SSH-1 is a vulnerable application and should never be used. Although this note is somewhat dated, it's important to keep in mind.
The most common software stack for SSH is OpenSSH. This GNU/GPL licensed code is widely available on many web servers. According to the Internet Engineering Task Force (IETF), the organization that ratifies Internet standards, “The SSH File Transfer Protocol provides secure file transfer functionality over any reliable, bidirectional octet stream. It is the standard file transfer protocol for use with the SSH2 protocol.” In other words, SSH sets up a secure communications channel between your machine (the client) and the server.
A key difference between FTP and SFTP is that SFTP maintains the date and time stamp of files, whereas FTP traditionally does not.
The downside with SFTP is speed. It can be very slow (it is dependent on connection speed) because of the encryption of the SSH traffic. However, speed is a small price to pay for security.
SFTP is supported by many clients for both Windows and Mac platforms. A personal favorite is WinSCP, a GNU/GPL client shown in Figure 5.15. It is a very well-maintained application. The left side of Figure 5.15 shows your local client, and the right side is the target server. The SFTP client allows editing, uploading, and full navigation of the server (within your login area).
Figure 5.15 WinSCP SFTP client
For the most part, configuration of SSH is a checkbox-type task. While it's wise to check the SSH settings, you will very likely find that SSH is already set up appropriately.
One file in particular that you should look at is located at /etc/ssh/sshd_config. In this configuration file, you can restrict access to specific users very easily.
As root, open the configuration file and locate the following:
DENY—Use this option to implicitly deny specific users from logging in. The format is as follows:
DenyUsers Username1 Username2
The situation where this may apply is dependent on your needs.
ALLOW—The implicit ALLOW allows login privileges to the users you specify. This is more than likely a realistic scenario for you. Now that you know logging in with SSH is better than with FTP, you'll want to add your users here. As root, open the configuration file and add the usernames as follows:
AllowUsers Username1 Username2
This directive tells SSH to only allow those users on the list to connect with proper credentials.
When administering a machine, you should take care of business and then log off. Leaving an open connection is a bad idea. However, getting distracted by a co-worker or a phone call is simply part of life. Rather than living with the possibility of leaving a connection open for a long time, setting a time out is best.
To limit the time a logged-in connection can remain idle, open the configuration file and locate the following lines:
ClientAliveInterval interval
ClientAliveCountMax 3
In the first line, ClientAliveInterval refers to the time (in seconds) that SSH will wait after not receiving any data before disconnection. Depending on your situation, replace the word interval with a number (in seconds).
The second line, which defaults to 3, is the number of messages or attempts it will try before disconnecting. Thus, if you have the interval set to 15 seconds, a non-response from the SSH client (WinSCP, Putty, and so on) will disconnect in 45 seconds (15 times 3). Set these for the times appropriate to your needs.
SSH (via Putty) can allow you to log in directly as the super user. However, you should not do this as a matter of course. Rather, log in with your normal (non-super user) username and then escalate your privileges once you are in. This means that once you log in with Putty, you should see a $ sign rather than a # sign.
Edit your configuration file as follows to disable root login (super user) on SSH:
PermitRootLogin no
This ensures that you cannot log in as root from SSH.
The default is to not allow a username only. Rather, you must have a username and password. Check to ensure that the following line is set to no:
PermitEmptyPasswords no
SSH (and SFTP) by default runs on port 22. You can change this to almost any other port. In fact, although it's not anywhere near foolproof, changing your port is a good idea. To do so, edit the field in your configuration as follows:
Port X
Change X to the port number of choice.
Note
A great many more configuration options are available to you for SSH. For a complete list, see http://unixhelp.ed.ac.uk/CGI/man-cgi?sshd_config+5.
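The settings covered in this section can be checked together. The following is an added example, not code from the original text: a small Python audit of the global part of an sshd_config, run here on two constructed samples (port 2222 and the usernames are placeholders). It assumes ClientAliveInterval is given in plain seconds, as described above.

```python
WEAK = """# constructed sample, not from a real server
Port 22
PermitRootLogin yes
permitemptypasswords no
ClientAliveInterval 0
"""
HARDENED = """# constructed sample; port 2222 and the usernames are placeholders
Port 2222
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers Username1 Username2
ClientAliveInterval 15
ClientAliveCountMax 3
"""

def parse_sshd_config(text):
    """Return {keyword: value}. Keywords are case-insensitive and the first
    value read for a keyword is the one kept, matching sshd's behaviour."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match "):
            break  # Match blocks are conditional overrides; audit global settings only
        parts = line.split(None, 1)
        settings.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return (findings, idle_timeout_seconds) for the settings in this section."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not set to 'no'")
    if cfg.get("permitemptypasswords", "no").lower() != "no":
        findings.append("PermitEmptyPasswords is not 'no'")
    if "allowusers" not in cfg:
        findings.append("AllowUsers is not set; logins are not limited to a list")
    # Interval (plain seconds assumed) times the message count; 0 means no timeout.
    idle = int(cfg.get("clientaliveinterval", "0")) * int(cfg.get("clientalivecountmax", "3"))
    if idle == 0:
        findings.append("no idle timeout (ClientAliveInterval is 0 or unset)")
    if cfg.get("port", "22") == "22":
        findings.append("Port is the default 22")
    return findings, idle

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

After editing the real file, sshd -t checks it for syntax errors before you restart the service.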