Re: [cobalt-users] SafeTP RAQ installation



----- Original Message -----
From: "Landon Jenkins" <landonak@xxxxxxxxxxx>

> Has anyone had experience implementing SafeTP on a RAQ?
> Landon

Yes, I did it fine on my RAQ3.

You have to fill in a form at Berkeley
http://www.cs.berkeley.edu/~bonachea/safetp/form.html and from there they email
you a link to download the programme.

Once you have the link, which looks something like this
http://re.cs.berkeley.edu:xxxx/xxxxxxxx-sftpd.tar.gz (I haven't put the
actual URL cos Berkeley asked me not to), wget the link from your
/home/sites/home/users/admin directory.

Now become root.
su
(password)
adduser safetp
tar -xvzf sftpd.tar.gz
cd sftpd-1.46
./configure
make
make check
sc/install.pl      #this runs the following install script
Are you ready to begin? [y]
> y

What is the name of the user that sftpd should run as? [safetp]
>  (hit return here unless the user name you used above is different)

Your DSA public key will include a descriptive name, called its
"brand", that users will see when they connect to your server.
This string should be something users will recognize.  What brand
would you like? [SafeTP at www.Yourdomain.com]
> (hit return if the default is ok or add your own entry)

Where are the SafeTP binaries, such as 'sftpd',
located now? [.]
> /home/sites/home/users/admin/sftpd-1.46
(again change this if you installed in a different directory)

Where should the SafeTP binaries be placed for ongoing use?  Since
many network file system protocols, such as NFS, are insecure, this
should be on the local machine which will run the SafeTP daemon.
[/home/safetp]
> (hit return for above default entry)

For user convenience, I can put symlinks to the SafeTP binaries in some
conventional place.  Where should I put these symlinks?
[/usr/local/bin]
> (hit return for above default entry)

Where should I put the DSA server keys?  It is imperative that the
directory specified here be on the local machine, because if the
server keys are sniffed then SafeTP is compromised.  (Note also that
you need to think carefully about how/whether these keys are part
of any automatic backup procedures.)
[/home/safetp]
> (hit return for above default entry)

To which port should I move the existing FTP daemon?  Since SafeTP uses
this daemon, you can't just remove it entirely.  [351]
> (hit return for above default entry)

Which port should SafeTP listen to?  Normally you should make SafeTP
listen to port 21, the default FTP port.  However, if for some reason
you want it to listen to a different port, 353 is the recommended
alternative.  [21]
> (hit return for above default entry)

Do you want SafeTP to accept unencrypted connections as well as
encrypted connections?  It makes the transition path easier for
users but also eliminates the forcing function for them to switch
to using SafeTP.  Accept unencrypted?  [n]
> n

The current argument string to sftpd is:
  sftpd -f351 -s -y/home/safetp -9
You can enter additional arguments here if you want:
> (hit return for above default entry)

After installing, do a full (interactive) test? [y]
> y

After install, should I add a blurb to /etc/motd telling users
that SafeTP is installed? [y]
> y

When I modify system files, I will tag the modifications with the name
of the admin responsible.  What tag should I use?
> (enter whatever you like here - I put stevebassi)

The next prompt is:

Instructions:  I'm about to start sftpc so you can test it.
You need to give four responses:
  username: any valid user name on this system
  password: the corresponding password
  sftpc> test      (at first sftpc prompt)
  sftpc> quit      (at second sftpc prompt)
When ready, hit Enter:
> (hit enter to continue)

 User name (Enter = safetp)? admin
331 Password required for admin.
Password:
sftpc> test
(there will be a lot of activity here - wait for it to finish)
sftpc> quit
full test: SUCCESS!

And that is all there is to it.

For your PC or your customer's PC FTP client to work you will need to download
the following and install it on your PC:
http://www.cs.berkeley.edu/~smcpeak/SafeTP/safetpc.html if you use Windows.

Sorry, there is currently no Mac client.

I suggest you read up on all there is at
http://www.cs.berkeley.edu/~smcpeak/SafeTP/index.html as there are also some
add-on patches that some of you may find useful.

I have tried it on my system and it really seems to work well.


Best Regards



Steve Bassi
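
Added example, not part of the original post or of the SafeTP installer: the installer prompts above warn that the binary and DSA key directories must be on the local machine rather than on NFS, and this sketch checks a directory against a mount table. The function names, the constructed sample mount table and the list of network filesystem types are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not SafeTP code). Function names are hypothetical.

# Constructed mount table in /proc/mounts column order, used for a dry run.
sample_mounts() {
cat <<'EOF'
/dev/hda1 / ext2 rw 0 0
/dev/hda4 /home ext3 rw 0 0
fileserver:/export/keys /home/safetp/keys nfs rw 0 0
EOF
}

# fs_type_of DIR MOUNTS
# Print the filesystem type of the mount that holds DIR: the longest mount
# point that is a path prefix of DIR. DIR must be absolute and already
# symlink-resolved (for example the output of `pwd -P` inside it).
fs_type_of() {
    awk -v dir="$1" '
        {
            mp = $2
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1) {
                # ">=" lets a later mount on the same point win
                if (length(mp) >= best) { best = length(mp); type = $3 }
            }
        }
        END { print type }
    ' "$2"
}

# check_local DIR [MOUNTS]
# Return 0 if DIR is on a local filesystem, 1 if it is on a network
# filesystem or has no mount, 2 if the mount table cannot be read.
# The list of network types is an assumption; extend it for your site.
check_local() {
    mounts=${2:-/proc/mounts}
    [ -r "$mounts" ] || { echo "cannot read $mounts" >&2; return 2; }
    fstype=$(fs_type_of "$1" "$mounts")
    case $fstype in
        nfs|nfs4|cifs|smbfs|smb3|afs|ncpfs|fuse.sshfs)
            echo "FAIL: $1 is on a network filesystem ($fstype)"; return 1 ;;
        '') echo "FAIL: no mount found for $1"; return 1 ;;
        *)  echo "OK: $1 is on $fstype"; return 0 ;;
    esac
}
```

With the defaults accepted above, `check_local /home/safetp` covers both the binary and the key directory; the second argument is only needed to test against a saved or constructed mount table.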