Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

Secure way to FTP as root?



2:06 am on Apr 18, 2004 (gmt 0)

10+ Year Member

Running RedHat Enterprise on a dedicated box, and I'd like to be able to transfer files such as httpd.conf rather than edit via shell. Is their a secure way to do this?

Also, can PHP script under one vhost read/write files under another vhost? I have several domains with ads, and like to run a tracking script common to them all.


3:25 am on Apr 18, 2004 (gmt 0)

10+ Year Member

Don't use FTP. Period.
There's no reason to use FTP, since everything is in clear-text (username/password/data). The chances of someone sniffing the network on either end and obtaining your u/p are slim, but why take the risk?

Use SCP instead. There are many graphical front-ends for scp. Your username and password are encrypted along with the rest of the traffic.

the format from teh command line (*NIX box) is simple:
scp locafilename.tgz remotehost:/path/to/remote/location

You can also set up authorized keys to use, so you don't even have to enter in your username and password, it's all based off of your public key (SSH key). Although not so secure as well, if you trust the box you're on, it can be a time saver.

easy. :)



3:48 am on Apr 18, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Don't use SCP. Period.

It uses SSH version 1 which has flaws.

Use SFTP, which uses SSH version 2 to do the same thing.


4:40 am on Apr 18, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Matty is right. Never use FTP. It is *only* excusable for anonymous use, and I'd try to avoid it there, too, for different reasons. If there is a username and a password, then you shouldn't be using FTP.

However, you can safely use most modern FTP clients to transfer files using the SFTP capabilities of the SSH2 protocol. Off the top of my head, I know for sure that Transmit (Mac) and CuteFTP (Windows) support it, as does gFTP (Linux/Unix). Depending on the program, it may be called "SFTP", "Secure FTP", or "SSH2". These are all the same thing, and can be used with the OpenSSH server that is installed by default anymore on any *nix system worthy of the name, including RHEL 3. If you don't need anonymous FTP, you can just uninstall your FTP server, and I recommend you do just that.

Better yet, for your purposes, run a local X server. Then you can just ssh to the server and run your editor from the command line, but get a pretty local-looking editor window that you can point and click at to your hart's content, without ever downloading and uploading the file. I do this all the time, and it's my favorite way to deal with small changes to remote files.

Unix desktops run X for their graphical interfaces anyway. (Unless they are Macs.) On Windows it's a bit harder, and I haven't used Windows in too long to tell you how. On a Mac, either install Fink (fink.sourceforge.net, I think) or if you have OS 10.3, just install the X server from the 3rd disk.

As for PHP scripts working on files in different vhosts, sure thing. The PHP script has access to the machine's file system. There might be file ownership and permission issues to work out, but it can certainly be done.


4:44 am on Apr 18, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

bcc: you can safely use scp over protocol 2. Just make sure that the client and server are both configured for it. I think the default is still to fall back to protocol 1 if the other end can't do 2, but both client and server can be set up to simply refuse to participate in a protocol 1 session. It's how I configure all of mine, and scp still works.


4:54 am on Apr 18, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

dingman, I know. I was just messing with MattyMoose's response.

Marcus Aurelius

8:50 pm on Apr 18, 2004 (gmt 0)

10+ Year Member

Free program called winscp looks just like ftp and will work for ssh2 protocol.


3:00 am on Apr 20, 2004 (gmt 0)

10+ Year Member

Thanks for all the tips... I've downloaded winscp and it looks like it will do the trick :)

Featured Threads

Hot Threads This Week

Hot Threads This Month