Friday, September 5, 2008

Solaris ftp server

Solaris ftp server

Activate the FTP server using security measures built into Solaris.

The FTP Server integrated into Solaris 10 is based on the Washington University
WU-FTP Server and has security features already built in.

If you have to activate an FTP Server
instead of using SCP - Secure Shell copy
[see man -s 1 scp]),

then you can start FTP as follows:

Make sure the FTP service is enabled

# /bin/svcs -a | /bin/grep ftp
online 14:59:25 svc:/network/ftp:default

Otherwise activate the service using svcadm
# /usr/sbin/svcadm enable svc:/network/ftp:default


Now edit the file /etc/ftpd/ftpaccess and change
class realusers real *
to
class realusers real 123.456.78.9 123.456.98.*

in order to filter access to a single IP-address or an address range.

Don't forget to allow FTP access in your IPF firewall,
for example in /etc/ipf/ipf.conf add:
pass in quick proto tcp from any to 123.456.7.8 port = 21 keep state
where the to address corresponds to the local system.

No comments: