Secure file sharing over internet?

[ctl]

Hi, I have a server that I want to use to share files with users over the internet. The users will be using Linux, Windows, or Mac OS X, and I want them to have write access.

I was planning on using Samba, but I've read that it's a bad idea to use Samba over the internet for security reasons. What is the best software/protocol to achieve this?

Thanks

[Kulfaangaren!]

This might be one alternative.

http://www.sublimation.org/scponly/wiki/index.php/Main_Page

The whole idea is to allow only read and write access but no execute (scp and sftp).
Apparently it can chroot the users as well.

Clients for sftp exists for all OSes.

// Fredrik
_________________
Please add [SOLVED] to the subject of your original post when you feel that your problem is resolved.
Join the 'adopt an unanswered post' initiative today

[neonknight]

Maybe you also want to take a look at webdav or ftp, as they can be handled by every of the mentioned operating systems without installing additional software on the client side. Another argument is of course the easy implementation of SSL, which secures transmission of passwords and data over the internet.

You could also use Samba over an OpenVPN-tunnel, but the Samba-connection might not be stable enough over a low-speed/high-latency internet path.

[TheAbu]

I would say, one of the most secure way to do that would be vsftpd, allowing only SSL connection, with virtual user to limit what can be done on your computer (no shell access, no real account on your machine). Safe enough to stop everyone but a very motivated (and skilled) hacker.
_________________
"Please, forgive my bad English"
Gentoo made me love using my computer again. Thank you to the Gentoo devs and more generally to all the people who makes GNU/Linux possible

[ewaller]

I agree with TheAbu. You can go one better by handing your clients the keys rather than automatically exchanging them on the first connection.

Don't use Samba. I allow it on my home network -- behind the firewall. It is blocked in both directions at the router.
_________________
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday

[Kulfaangaren!]

The title said "secure filetransfer" so I would not suggest FTP-S (not to be confused with SFTP), SSL encrypted ftp, which is what the above posts seem to suggest.
The difference is that FTP-S usually only encrypts the command channel (commands and directory listings) leaving the data unencrypted which people can still sniff/intercept.
I still suggest SFTP as the best alternative. Many FTP (Linux/Windows/MacOS X) clients also supports SFTP and all traffic is encrypted, both data and commands.

// Fredrik
_________________
Please add [SOLVED] to the subject of your original post when you feel that your problem is resolved.
Join the 'adopt an unanswered post' initiative today

[magic919]

Worth adding that FTPS can encrypt the data channel too.

[Kulfaangaren!]

[malern]

The latest version of OpenSSH can do restricted sftp by itself without needing any patches or things like scponly

I've set it up on my machine by adding the following to /etc/ssh/sshd_config

[Kulfaangaren!]

Goodie goodie! Thx for the info
_________________
Please add [SOLVED] to the subject of your original post when you feel that your problem is resolved.
Join the 'adopt an unanswered post' initiative today

[ibasaw]

hi

Whan i do this

[Kulfaangaren!]

[depontius]

[malern]

[depontius]

Interesting... I've tried it, and so far it didn't work. I think part of the problem is that I've tried to have an "integrated AFS login" so that part isn't letting me get in without a password. Of course the integrated AFS login has never worked with ssh anyway, but I've got the hooks in system-auth. I need to revisit this.
_________________
.sigs waste space and bandwidth