• United States

Getting secure FTP to work on a shoestring

Nov 03, 20031 min
Enterprise ApplicationsSecurity

We want to implement secure FTP service (SFTP) on our Windows 2000 servers, but we don’t have the budget for a commercial product and are having trouble getting OpenSSH compiled so it will run as a Windows service. Is there any online documentation or open source binary distributions of a Secure Shell server or SafeTP Daemon that will run as a service under Windows 2000?

The free SafeTP proxy can be used with your existing FTP server software to provide SFTP services. Windows client software also is available for securing existing FTP client software.

SafeTP is vulnerable to certain passive FTP mode abuses when used with NAT, so you get what you pay for.

A newer OpenSSH for Windows alternative is a binary distribution that provides a full OpenSSH package in a minimal Cygwin environment tuned to run as a Windows service.

There are security concerns with Cygwin’s shared memory management that make it unsuitable for sensitive production Server Shell access. To disable remote command prompt access, change the user’s OpenSSH passwd file entry from /bin/switch to /usr/sbin/sftp-server.

Blass is a network architect at Change@Work in Houston. He can be reached at