[jay3ld]

i have ftp enabled on 1 of my macs because i connect to it from remote computers (pcs Yuk!)

but im a paranoid person. so i want to make sure that is accessible to ftp is mine. im afraid the pc people will get my info and hack into me.

any way to block them out? or could i keep them running by changing the port?

please help im paranoid person and like my computer accessible from work or other computers

i have 6 other users. i want to be the only user allowed to be connected to by ftp. dont worry im not connecting to my admin account

[CharlesS]

If you turn on Remote Login instead of FTP, you can connect to your computer with SFTP, and your password will not be sent in the clear, so it will be a little harder for hackers to sniff it.

[danman]

Use Ipsec to secure the data in transport and restict access by IP. FTP is one of the worst, if not, worst ways to transfer files. Username and password sent in the clear, all data sent in the clear.

[Millennium]

Apple doesn't ship with anonymous access enabled, so you are safe as far as that goes. Not just anyone can use FTP to get into your machine. The big thing to remember is not to turn anonymous access on, or if you must turn it on then to make it download-only. I once made the mistake of enabling anonymous uploads, and within two days someone had hacked me.

This said, FTP has a fundamental security flaw, in that it doesn't make any attempt to encrypt passwords; they're just sent over the network in plain text. If someone is sniffing your network (not an easy thing to do unless you've gotten the password through other means, admittedly, but not impossible) then they could get your password that way. The most common way of dealing with this is to tunnel it over SSH; this encrypts everything, including the password, so it's safe.

[jay3ld]

im connecting to my mac from a pc. thats changing allot i think.

[CharlesS]

Originally Posted by Millennium

This said, FTP has a fundamental security flaw, in that it doesn't make any attempt to encrypt passwords; they're just sent over the network in plain text. If someone is sniffing your network (not an easy thing to do unless you've gotten the password through other means, admittedly, but not impossible) then they could get your password that way. The most common way of dealing with this is to tunnel it over SSH; this encrypts everything, including the password, so it's safe.

The most common way? Seriously? Why would anyone bother tunneling FTP over SSH when you can just use SFTP with just about any server that has the SSH daemon running?

[danman]

Most SFTP clients/servers send the username and password in the clear and encrypt the data. Stupid design. FTP is so damn old it's not even funny. Some people need to move into the 90's.

[CharlesS]

^ What?! That is not true.

[Moose]

Originally Posted by danman

Most SFTP clients/servers send the username and password in the clear and encrypt the data. Stupid design. FTP is so damn old it's not even funny. Some people need to move into the 90's.

Uh.

Yeah.

And you need to read a goddamned manpage:

DESCRIPTION
sftp is an interactive file transfer program, similar to ftp(1), which
performs all operations over an encrypted ssh(1) transport. It may also
use many features of ssh, such as public key authentication and compres-
sion. sftp connects and logs into the specified host, then enters an
interactive command mode.