Nellie2

Personal Ramblings on a Security Theme

Entries Comments



Secure FTP - A How To

7 October, 2007 | Internet, Security, Vista | By: Nellie2

If you use plain old FTP to update your website or transfer anything from your machine to the server (and back again) then you are sending your FTP password over the internet in clear text. Anyone with a little know how could get hold of it, get into your server and cause havoc!!

So what can you do? Secure FTP using a pair of encrypted keys is a good start. You keep your personal key on your machine… and the public key is installed on the server you want to access. When you connect, the public key checks that it matches your personal key… if it does then you are away.

It all sounds very complicated… well not really, all you need are three freely available programs and a nice server admin! :)

1. Downloads

  • PuTTYgen - this will generate the public and private keys
  • Pageant - we will use this little charmer to load the private key
  • FileZilla - free and open source FTP program, my FTP program of choice… I love it!

2. Generate Your Keys

Run PuTTYgen by double clicking on the .exe file you downloaded (there is no need to change any settings) and then;

  1. Click the Generate button to generate your keys
  2. Enter and confirm a passphrase.. you will need to be able to remember this passphrase.
  3. Save your public and private keys somewhere safe. Perhaps a folder in My Docs called Cats… or even better on a password protected USB key that you aren’t going to loose!!

PuTTYgen screenshot

3. Contact Your Friendly Server Admin

It’s at this stage you should contact your server admin (if you aren’t sure what to do serverside.. or you don’t have the right access), send him/her your public key (zipped) and let him/her know what your FTP user name is and ask them to assign you a port for your secure transfers. Once you hear that this has been set up and you have the information you requested.. then you can continue.

4. Create a Desktop Shortcut for Pageant

Navigate to where you saved the Pageant file and right click on it and choose Send to > Desktop (create shortcut). Then go back to your desktop and you should have a nice shortcut like the one below.

Pagaent shortcut

5. Install and Set Up FileZilla

Installing FileZilla is easy peasy, just double click the file you downloaded and follow the prompts.. the only thing I suggest you change at this stage is in the Choose Components screen, add a tick to the Desktop Icon box.

Then doubleclick the desktop icon to run FileZilla… you will get a nice message asking you to report any bugs.. OK that and then the FileZilla window will open. Go to File > Site Manager to get started.

Filezilla window

In the Site Manager window you need to do the following to configure your site connection:

  1. Click the new site button and name your site something relevant. For demonstration purposes I’ve called the one in the screenshot - myftp
  2. In the Host field, type your ftp address.
  3. In the Port field, enter the port number your server admin gave you.
  4. In the Servertype field, choose SFTP - SSH File Transfer Protocol from the drop down list.
  5. In the Logontype field, choose Normal from the drop down list.
  6. In the User field, input your FTP user name.

    LEAVE THE PASSWORD FIELD EMPTY - YOU DO NOT NEED TO ENTER A PASSWORD

  7. Click OK to save your settings.

Filezilla site manager

6. Load Up Your Key and Connect

Now double click on the Pageant shortcut you created earlier and the Pageant icon will appear in your taskbar.. down by the system clock. Right click on that icon and choose Add Key from the menu.

Add Key

A browse window will open up, browse to the folder where you saved your private key, highlight it and select open.

Browse to Key

You will then be prompted to enter your passphrase when you have done that all windows will close but your Pageant icon will still be sitting in your task bar. You can now go back to Filezilla, open the Site Manager window again, click on your site to highlight it and then click connect……….. and away you go!! When you have finished using your FTP program, don’t forget to shut down Pageant as well by right clicking on the icon in your taskbar and choosing Exit.

The only thing you need to remember is to load up your key in Pageant before you try to connect to your site using Filezilla.

I’m sure there are other ways of doing this.. but this method works for me, is compatible with Vista and is easy on the brain and easy on the pocket!

ps…. Big thanks to JimW for talking me through this in the first place :-)

« Yahoo, Paypal and Ebay Team Up
Congratulations Kayne and Christine »

Write a comment