Tag Archives: ssh

How to Set up an FTP Server

Geek!This is Adam Marchesich’s submission for the HP Magic Giveaway. Feel free to leave comments for this article as you see fit – your feedback is certainly welcomed! If you’d like to submit your own how-to, what-is, or top-five list, you can send it to me. Views and opinions of this writer are not necessarily my own:

The main advantage of a home FTP server over a Web server is that you can save files to the FTP server, whereas with a Web server, you can only get (receive, download) files. The disadvantage of a home FTP server is that you need an FTP client to connect to it, whereas Web servers can be accessed using a plain old Web browser. However, many modern Web browsers support FTP. That said, most Web browsers make poor FTP clients. You should use a more fully-featured FTP client to connect to your server. There are plenty available, and everybody seems to have their favorite. If you’re wondering how to set up your own FTP server, you’ve likely already selected your favorite FTP client.

What you’ll need:

  • A Windows PC
  • An always-on broadband (DSL or cable) internet connection

Step 1: Download and install Serv-U FTP.

Serv-U FTP is a nice windows FTP server app that’s been around for years — I’ve used it since 1997 and it works flawlessly. The newest version adds more security through SSL support – and the best part of all is that the personal version which allows for two FTP logins is completely free.

Now, don’t get confused because they have several levels of pricing and several editions. Once installed, you will have a “corporate edition” that after thirty days will become the “personal edition.”

Step 2: Complete setup and create a user login.

After the initial setup is done, Serv-U should start the administrator and ask you to create a new user account. Start off by first putting in the domain name you used to setup your dynamic DNS. To keep your FTP server for your own use, be sure to disable Anonymous access by selecting “No” when asked.

When it asks for your Home Directory, it’s probably best to just say C: for your home Windows machine. This will give you easy access to any file on the main drive. Be sure you say “No” to locking your own user in the home directory, otherwise you might not be allowed to switch to other drives.

Step 3: Grant proper rights to any drives you have.

When you are done creating a new user account, start the FTP server and the Serv-U Administrator application. Expand the Domains tree to show your server, then the Users tree to find your account. With your user selected, click the Dir Access tab on the right pane.

Highlight the drive letter and fill all the checkboxes on the right side except for “Execute”. This will give you total access to upload, download, delete, create, and make any directory changes as well. If you’re nervous about your account having too much access, you can probably get away with just read or read and write access for most things. Also be sure to add any other drives on your computer (I have a second hard drive with the letter E: on mine).

Step 4: Be sure you have outside access to your new FTP server.

Like many of you reading this, I have a router / firewall / wireless access point at home that shares my broadband connection with every internet device in the house. Most router / firewall / wireless points hand out internal IP addresses and keep your computers safely away from outside access, but if you’re running your own FTP or Web server at home, you’ll want to poke a hole in the firewall and map port 21 to your home computer running Serv-U.

For regular FTP connections, map port 21 to your computer, for secure FTP connections, map port 990 to your computer on the network (or just map both).

Step 5: Test it.

The last thing to do is to test your FTP server by firing up a FTP client and try connecting to your own server. Even though you are using the very computer you are testing, if you try to FTP using the outside address (your dynamic DNS name), it will be exactly like connecting from the outside.

When you connect to it the first time, you might get a warning about a bogus certificate provided by Serv-U. Just set your FTP program to always trust it and you won’t see this warning again.

That’s it. Now you’ll never forget a file at home because anything on your home computer will be accessible from anywhere else on earth.

[Editor’s Note: Mac OS X has FTP server functionality baked into the operating system, and it’s far less complex to set up and operate]

Does it make pfSense to wear SSH SOCKS?

Adrian Hensler scribbled:

Just looking at your postings regarding VPN and Hamachi. Hamachi is pretty neat but if it has spotty support for the Mac why not try SSH (secure shell)? I know there are Mac clients like putty ( http://putty.darwinports.com/download/ ). SSH is great for tunneling data through. You can pipe your email, Web browsing, and IM and whatever else through SSH. It’s very flexible and once you’ve played with SSH (either the command line version or a GUI like putty, it’s easy to see many uses for it).

Here’s a page describing the Mac setup briefly: http://www.mikeash.com/?page=ssh_socks.html

I’m not sure why the author chose to use the Firefox “about:” way rather than the File | Preferences way, but that’s fine. This page might be a bit better description of the whole process, and here’s yet one more. Here’s one on setting up the SSH daemon on a Mac (not sure if there’s a better way, sorry). You could also just run a tiny linux virtual machine that includes a SSH daemon in something like VMware and just forward the appropriate port (22) to that.

It involves adding a dynamic tunnel and then changing Firefox to use that new local port as a SOCKS proxy. One caveat is that DNS requests are still done locally; so browsing history isn’t completely hidden. It’s possible to direct DNS requests through the tunnel as well; but it’s significantly more complicated. Also; it’s important to note that you can direct multiple ports through the same SSH tunnel – you could forward email / instant messaging / remote desktop; all through the same single SSH port at the same time; as long as you know and have access to the remote IP and port from the remote SSH server. The sister application SCP will work in the same manner for moving files securely.

Another issue might be that some users may not have access to change the Firefox / IE settings to add a proxy. In my previous job; these settings were locked by a group policy… but they didn’t lock the registry settings where these ‘lock’ options are set; so I just disabled the lock via the registry….

Like everything else; it seems more confusing than it is. Once you’ve set up a tunnel and see how it works; you’re set for a million uses. The fact that it is multi-platform is a huge plus for me – it works the same way on my Linux boxes and my Windows boxes. You can also set it up with multiple hops to get to places you might not have thought possible.

My personal solution is a router PC based on pfsense ( https://www.pfsense.org — amazing work done on this project) and I connect to that via either SSH or the Windows built-in pptp client – pfsense runs a SSH daemon if desired and also supports IPSec and PPTP tunnels. But for quick http proxies, it’s hard to beat SSH.

Jeremy Phillippe also suggests pfSense:

I’m not sure if you’ve considered (or are aware of) m0n0wall and pfSense. m0n0wall is a FreeBSD based router package that, among other things, will let you setup a PPTP VPN endpoint, which will let you almost effortlessly connect remotely from both Windows and Mac OS X to your home network and the internet from there. pfSense is an offshoot of m0n0wall, it uses a more recent version of FreeBSD and uses OpenBSD’s Packet Filter (hence the pf part), it also supports VPNs in this manner. It’s fairly easy to setup a spare machine for this (or get a small custom built device that will run either).

The Best FTP Client – WinSCP

When we moved over to the new servers, Shayne decided not to open up the port for FTP. Fair enough (a good security move). However, I was left with having to find another way to get in and easily edit files on the system. He recommended that I get an SCP client. I downloaded a few of ’em, not being all that impressed – then I stumbled across WinSCP. It handles SSH / SCP / SFTP sessions, and has direct hooks into PuTTY. I have a long history with FTP programs. Starting with the amazingly old and incredibly unintuitive WS_FTP, I moved to FTP Explorer. When the developer abandoned the project, I flipped to FTP Voyager – and found it to be completely overpriced for my needs. Then, it was off to SmartFTP, until the desktop flashing started to annoy me. I had veen on FileZilla up until recently (living with its shortcomings, too). WinSCP surprised me.

It doesn’t do everything I want it to do, but I discovered that you can locally edit remote files by double-clicking them! This feature alone has saved me so much time and energy. I had been relying on PSPad for the longest time to do all my server-based file editing through FTP (slow, clunky). While the WinSCP edit window leaves much to be desired, it’s quick and painless – and I can hook directly into PSPad for advanced functionality and seamless integration with the file transfer. Wow. Awesome. Cool. You need this. Forget the other FTP clients out there – if you don’t have this “edit locally, save remotely” feature in your FTP program, dump it. And FTP access through a plain ol’ file editor is just painful to navigate! WinSCP is wicked.