"Sam Nichols" <sizaminerd.net> wrote in message
news:sizam-6C5DF4.10414926062003news.stanford.edu...
> In article <_llKa.22031$pH3.3939news2.east.cox.net>,
> "Kenneth A Kauffman" <kkauffmannospam.headfog.com> wrote:
>
> > "Sam Nichols" <sizaminerd.net> wrote in message
> > news:sizam-B7BB46.10305725062003news.stanford.edu...
> > > Hello,
> > > I'd like to set up vsftpd to only allow connections from local processes
> > > such that I could create an ssh tunnel to my server and connect to the
> > > ftp daemon through the tunnel, but it wouldn't listen to any remotely
> > > accessible port? I see in the docs how to allow access to local users,
> > > that's not quite what I'm looking for though.
> > >
> > > Thanks
> >
> > Hmm.. what is the ultimate goal? If it is to transfer files securely, you
> > can use SFTP, which is installed by default as a subsystem to SSH. Are you
> > trying to do FTP over SSL using VSFTP?
> >
> > ken k
>
> What I want to do is use the FTP protocol securely. The software I use
> to edit files (BBEdit) doesn't support sftp, only ftp (port 21) so I
> want to tunnel through my local computer to my server at home's FTP port
> BUT I don't want any computers to be able to connect to the FTP port
> without going through a tunnel.
Use the native SSH port forwarding. You will need to forward ports 20 and
21. This will allow you to SSH into your remote machine, then use LOCALHOST
from your client. The SSH port forwarding will then send the requests
through the tunnel. Then lock down ports 20-21 on your box using IPTABLES or
your firewall/router. Then the connection can only be made from a valid
user with SSH access and port forwarding enabled.

I can't quite remember, but I think if you wanted to wrap FTP with SSL then
you would need a client that supports that also.
ken k
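
An added example, not part of the thread: a shell check that the FTP daemon really is reachable only from local processes, which is the goal stated in the original question. It assumes vsftpd runs standalone with its `listen` and `listen_address` options and that listening sockets are listed in `ss -ltn` format; the function names, sample data, port 2121 and the `user@server` target are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): check that FTP is loopback-only,
# so it can be reached only through a tunnel such as
#   ssh -L 2121:127.0.0.1:21 user@server    (2121, user, server: placeholders)

# Read `ss -ltn` output on stdin; print listeners on port $1 that are
# bound to anything other than a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # last field is the port
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
        }'
}

# Read a vsftpd.conf on stdin; succeed only if it runs standalone and
# binds to 127.0.0.1 (vsftpd options: listen, listen_address).
conf_is_loopback_only() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 == "listen"         { listen = toupper($2) }
        $1 == "listen_address" { bind = $2 }
        END { exit !(listen == "YES" && bind == "127.0.0.1") }'
}

# Constructed sample input, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     127.0.0.1:2121     0.0.0.0:*'
SAMPLE_CONF='# constructed vsftpd.conf fragment
listen=YES
listen_address=127.0.0.1'

if printf '%s\n' "$SAMPLE_CONF" | conf_is_loopback_only; then
    echo "config: loopback only"
fi
bad=$(printf '%s\n' "$SAMPLE_SS" | exposed_listeners 21)
[ -z "$bad" ] || echo "exposed FTP listener: $bad"
```

On a live host, feed the functions real input with `ss -ltn | exposed_listeners 21` and `conf_is_loopback_only < /etc/vsftpd.conf` (the config path varies by distribution).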