Openssh And Netdrive ...

Support section for FREESCO v0.4.x 3rd Party Packages

Post by bob selby » Tue Apr 07, 2009 4:09 pm

I have found a Windows tool called NetDrive (seemingly free for personal use) that allows you to map an SFTP server as a local drive. Works well in general.

However, one SFTP server I use is OpenSSH on my freesco box and for security reasons it has passwords disabled and uses certificate based authentication only.

WinSCP and PuTTY deal with this case very well but I cannot figure out how to get NetDrive to do it - password authentication works fine - but I cannot figure out where to install the certificate.

I would prefer to use NetDrive in this way - the NetDrive forum has yielded no help, neither has an email to the developer. Any help welcome.

If "push comes to shove" there is one alternative ... use PuTTY to tunnel into the freesco network and use password authentication to connect to OpenSSH on the secure side .... Can anyone say if it is possible to set up OpenSSH so that it uses certificate based authentication on the outward facing port and password based on the inward facing port??? I could live with using two different ports.

I could use FTP instead of SFTP on the inward facing network I guess - but trying to resist it.

TIA
Bob
bob selby
Advanced Member
 
Posts: 292
Joined: Wed Nov 21, 2001 8:18 am
Location: London, UK
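
The two-port split asked about in the post above, as an added example that is not from any poster in this thread: an `sshd_config` sketch that keeps key-only authentication as the default and allows passwords only on a LAN-side port. It assumes an sshd recent enough to support `Match LocalAddress`/`LocalPort` (the version in the FREESCO OpenSSH package is not stated in the thread); the address `192.168.1.1` and port `2222` are constructed placeholders.

```conf
# Added example, not from the thread. 192.168.1.1 and port 2222 are
# constructed placeholders for the router's LAN address and inward port.

# Port 22 is the outward-facing port, 2222 the inward-facing one.
# The firewall should still drop 2222 arriving on the WAN interface.
Port 22
Port 2222

# Global default (applies to every connection unless a Match overrides it):
# public-key authentication only.
PubkeyAuthentication yes
PasswordAuthentication no
# Keyboard-interactive can also prompt for a password, so turn it off too.
# On older sshd releases this option is named ChallengeResponseAuthentication.
KbdInteractiveAuthentication no

# Override: allow passwords only when the connection arrived on the
# LAN address AND the inward port (criteria on one Match line are ANDed).
Match LocalAddress 192.168.1.1 LocalPort 2222
    PasswordAuthentication yes
```

Run `sshd -t` against the file before restarting the daemon. On an sshd without these `Match` criteria, two sshd instances started with separate config files via `sshd -f` give the same split.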

Post by Lightning » Tue Apr 07, 2009 8:23 pm

From what I can see there are ONLY two connection types possible. One is standard FTP and the other is WebDAV. So your best option to make this connection have any encryption possibilities is to use a PuTTY tunnel and connect to the internal FTP interface from the outside. The functionality of this program is really neat for internal use, but it lacks any security for Internet use unless you use an open FTP server with passwords. Which would not be my first, second, or even third choices.

However one other choice that would work well with this type of application would be to install the "knock" package. What that does is to allow you to run the FTP server in secure mode and then from the Windows machine you run the knock client and the firewall opens the FTP ports 20 and 21 only to the IP address the correct knock sequence came from. Of course this option works well and makes the FTP server secure from anyone trying to hack passwords and such. But it lacks any encryption capabilities for the data being transferred.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
Lightning
FREESCO GOD !!
 
Posts: 3045
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Post by bob selby » Wed Apr 08, 2009 3:34 am

NetDrive has the option of using SSH if the basic mode is FTP - under "advanced"->"SSL"->"SFTP using SSH2" and it works for passwords. Of course you need to specify port 22 rather than 21.

Bob

Post by dingetje » Wed Apr 08, 2009 10:46 am

Nice, works like a charm with username/password authentication, but it indeed lacks the feature to use certificate based authentication. The lack of response on the support forum is not a good sign...
GreetZ
http://dingetje.homeip.net

"Software is like sex: it's better when it's free." - LINUS TORVALDS
dingetje
FREESCO GURU !!
 
Posts: 1004
Joined: Wed Nov 14, 2001 12:13 pm
Location: The Netherlands

Post by bob selby » Wed Apr 08, 2009 11:45 am

Looking at the logs it produces I suspect that it can use certificates ... the problem is putting them where it can find them :-(

Post by dingetje » Thu Apr 09, 2009 4:26 am

Indeed the logs show an attempt to locate id_dsa and id_dsa.pub key files, but no clue as to where these files are expected to be?

In the *nix world these files reside in the .ssh directory in the $HOME directory which would translate to \Documents and Settings\<username>\.ssh in the Windoze world.

However, I've tried placing the key files there and NetDrive still fails to find them (according to the log). Using tools like FileMon (or ProcMon) NetDrive doesn't show any attempts to access id_dsa or id_dsa.pub files as suggested in the logs???

I think support by the author(s) is needed...
GreetZ
http://dingetje.homeip.net

"Software is like sex: it's better when it's free." - LINUS TORVALDS

Post by bob selby » Thu Apr 09, 2009 7:59 am

Thanks ... that was the conclusion I came to ... I won't hold my breath for a reply from the author - there is a distinct lack of response on the support forums :-(

