Using FTP securely in SCS
Because regular FTP sends unencrypted passwords over the network, it is possible for a malicious eavesdropper to discover your password when you use FTP. To help minimize the risk, the FTP servers on Facilitized Linux hosts accept special Kerberos instance passwords instead of your main Kerberos password.
In order to make use of this feature and use our FTP servers, you will need to perform the following steps:
- Create a Kerberos ftp instance and password
- Add your Kerberos ftp instance to the AFS ACLs of any directories that you wish to access with FTP
Once you have performed those steps, you can use FTP as follows:
- Use your FTP client to connect to the host that you wish to transfer files to/from.
- Type your SCS Kerberos username when it asks you for your name. For example, "bovik" if your username is bovik (do not use "bovik/ftp" or "bovik.ftp").
- Give your ftp instance password when it asks you for your password.
You can use the Kerberos Instance Manager to create a /ftp instance as well as set/change it's password. More information about doing this is available here.
Important: The password you choose should be different from your main SCS Kerberos password.
Once you have created your ftp instance, you can add it to AFS ACLs using the fs command from any Facilitized Linux machine (such as linux.gp.cs.cmu.edu). To minimize the risk of the password being snooped and misused, you should not add this instance to the ACL of your top-level AFS directory.
Your username.ftp instance is added to AFS ACLs just like any other AFS identity. For example, the following command would add the instance "bovik.ftp" to the directory /afs/cs/user/bovik/ftp:
fs sa /afs/cs/user/bovik/ftp bovik.ftp rlidwk
and would give bovik.ftp all rights except administration rights (the right to set ACLs) on that directory.
Additional security considerations
Your FTP instance password can only be used for FTP. It cannot be used to login to hosts that you have an account on unless it is the same as your main Kerberos password (which is why it's important that the passwords are different). However, when used for FTP it can be used to read and write files in local directories with the same privileges that you would have on those local directories & files. As a result, there are some security issues with using FTP instance passwords if your home directory is not in AFS.
A more secure alternative to using FTP with FTP instance passwords would be to use SSH and either use scp or use SSH tunneling with FTP.