There is a Explorer-like interface to PuTTY's scp command. Maybe an option. Don't have much experience with this, I personally use some mini-shell-scripts attached to the sendto-menue for uploading.
http://www.i-tree.org/ixplorer.htm Cheers, Marcel --On Donnerstag, 18. April 2002 17:34 -0700 John Morris <[EMAIL PROTECTED]> wrote: > Samba and encrypted passwords. The encrpyted passwords should be default > on later Windows boxes, but may require registry edits on older Windows > OSes. Fast, easy, and secure. Windows Netbios & SMB traffic should > probably already be firewalled in and out,(If not, seriously consider > it), but you can always run Samba tcpwrapped, and so forth. > > Samba is good, and IMHO the right choice for sharing files (and some other > stuff too) to Windows. > > - John > [EMAIL PROTECTED] > > On Thu, 18 Apr 2002, Tom Dominico wrote: > >> I have a Debian webserver that currently runs SSH, HTTP, and SMTP >> services. The SMTP service only accepts mail from the local interface. >> I try to keep my box free of any excess services that might lead to >> vulnerabilities, or that transmit authentication information via >> cleartext. I am running into some issues, however, where having only >> SCP access for file transfer is not convenient. >> >> For example, all workstations here are running some version of Windows. >> I have yet to run across Windows applications that have SCP support >> built-in, though. I have instances where I would like to be able to >> upload/download files from the server to my text editor, synchronize >> directories between a workstation and the server, etc. My options are >> generally only FTP, or using windows shares. I hesitate to install FTP >> because of the issues with cleartext passwords being transmitted, as >> well as potential vulnerabilities in the FTP daemon. I understand that >> some daemons now support SSL for encryption, but I do not know if >> running a FTP server is really a wise idea or not, even with SSL. >> >> I am debating installing samba on the webserver, and setting it up to >> use encrypted passwords. I would not allow "guest" usage of any shares. >> This would make it much easier for me to do development and other tasks >> on the server via my Windows workstation. However, I do not know if I >> would be making a large mistake, security-wise, by doing this. We have >> an external firewall, and I would think I could firewall off samba >> traffic, so that only internal users would even have access, and even >> then it would be protected with an encrypted password. >> >> I am curious to see what the users of this list would suggest. It seems >> that I could do the following: >> >> 1) Install samba, and connect to the webserver via "shares" from my >> workstation. >> 2) Try to install FTP with SSL functionality, and perhaps firewall it >> off for internal use only. >> 3) Do none of the above and use an SCP client to manually transfer >> things back and forth when necessary. >> >> In a nutshell, I am wondering what the best way is to co-exist with >> Windows on the desktop, while still running a relatively secure server. >> >> My other question relates to cleartext passwords. I am writing some >> web-based administrative tools to allow selected users to update >> sections of the website, without having to know how to code. Using a >> simple "htpasswd" scheme, passwords are sent out in cleartext. I am >> concerned that anyone with a sniffer could then gain access to those >> passwords. I work in a school district, and some of these kids are very >> clever, and have a lot of time on their hands. Is there a way to >> encrypt htpasswd traffic, or is there another solution I should examine? >> >> I greatly appreciate any advice. >> >> Tom Dominico >> District Technology Coordinator >> Parlier Unified School District -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
