Sunday, March 14, 2010

Server 2003 FTP to SSH

I recently found myself needing to set up an FTP server on my MS Server 2003 back home. No big deal, right?

I knew FTP required 2 ports, 21 and 20. I am using RRAS (Routing and Remote Access Service) and had opened up ports before, so no big deal.

So I opened the ports and was able to open a connection. SUCCESS! Then I entered ls to list out the contents of the directory, and FAILURE! After too long (way too long) on Google, I learned that there are two modes, passive and active. In active, the server tries to open the data connection with the client. (http://slacksite.com/other/ftp.html) Of course NAT is going to frown on that, so passive dominates. In passive the client chooses a server port >1023 and initiates with the server. This got me really confused, because I thought it was going to be port 20. I really don't want to open up a big range of ports (>1023) for FTP.
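The two data-connection modes described above can be read straight off the FTP control channel. This added example (not part of the original post) decodes an active-mode PORT command and a passive-mode 227 reply as defined in RFC 959, where the port is p1*256+p2 and, in passive mode, the 227 reply from the server names the port the client must connect to. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (RFC 959 host-port field).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
# RFC 1918 ranges: an address from these is not reachable from outside a NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def data_connection(line):
    """Describe the data connection that a control-channel line sets up."""
    line = line.strip()
    ip, port = parse_hostport(line)
    if line.upper().startswith("PORT"):
        # Active: the client listens, the server connects in to it.
        mode, opener, listener = "active", "server", "client"
    elif line.startswith("227"):
        # Passive: the server listens, the client connects out to it.
        mode, opener, listener = "passive", "client", "server"
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    return {"mode": mode, "opened_by": opener, "listener": listener,
            "ip": str(ip), "port": port,
            "rfc1918": any(ip in net for net in RFC1918)}

# Constructed sample control-channel lines (not captured traffic).
SAMPLES = [
    "PORT 192,168,1,50,195,80",
    "227 Entering Passive Mode (203,0,113,10,19,137)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(data_connection(sample))
```

Neither decoded port is 20 or 21, which is why forwarding only those two ports lets the login succeed while `ls` fails.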

In the end, I decided FTP's model of 2 ports doesn't work for me and went with SSH. Minutes later I was up and running.

So I installed http://www.freesshd.com/ on my server. Using the GUI I was able to start the service, add a user, and choose my directory. In RRAS I closed my FTP ports and opened 22 for SSH. And voila!

For a client I was using FileZilla for FTP and "knew" it wouldn't work with SSH, but tried it anyway. It worked!

Curious, I even found a web shell, http://www.anyclient.com, which will allow me to SSH into my files without having to install a client (Java-based). Keep in mind that using a web shell like this defeats the security part of SSH. Your password is transmitted to anyclient.com in clear text before it even touches SSH.

In the end, I am very disappointed with FTP and very impressed with SSH. I was even more impressed by the FTP clients that allow me to use SSH as if it were FTP.

I hope that this helps someone.
