I need to set up an FTP server on a virtual server keeping overheads to a minimum.
What I'd like is some kind of GUI to administer it (add new users etc) which runs on my desktop and does the admin remotely, so that when not in use it has zero overhead (compared with having to install a web server and database to manage it, for example).
Not fussed as to which FTP server at this point.
(It strikes me that a tool that was able to manage text based config files over SSH for FTP servers but also other services would be quite useful, does such a thing exist?)
On 28/01/16 12:58, Mark Rogers wrote:
I need to set up an FTP server on a virtual server keeping overheads to a minimum.
What I'd like is some kind of GUI to administer it (add new users etc) which runs on my desktop and does the admin remotely, so that when not in use it has zero overhead (compared with having to install a web server and database to manage it, for example).
Not fussed as to which FTP server at this point.
(It strikes me that a tool that was able to manage text based config files over SSH for FTP servers but also other services would be quite useful, does such a thing exist?)
I presume you mean by virtual server, a server in some ISP's server racks that you're renting. If instead you mean a virtualised server running as a virtual machine on your own kit then this isn't relevant!
Not quite what you're after but Webmin (webadmin) is a capable remote admin in a browser. It's not quite what you're after though as it obviously runs on a web server on the remote machine.
I would have thought most virtual servers would have some sort of web based config, but I've not ever rented one, so I don't know for sure.
If the virtual server is running a gui, you could just run the normal setup routines but have a VNC connection to the machine. Alternatively, some programs work with X-Windows forwarding. In the remote machine's sshd_config file, add X11Forwarding yes X11UseLocalhost no and restart the sshd server.
Then make a ssh connection as
ssh -X user@remoteserver
NB Capital X
then if you do something like
sudo gedit /etc/fstab
then gedit will run on the remote screen, editing the file on the remote machine, but DISPLAY on the local machine.
Funky when it works.
However, this relies on your machines running X Windows, which I think some systems are moving away from.
Hope that helps
Steve
On 28 January 2016 at 20:32, steve-ALUG@hst.me.uk wrote:
I presume you mean by virtual server, a server in some ISP's server racks that you're renting. If instead you mean a virtualised server running as a virtual machine on your own kit then this isn't relevant!
Yes, although I don't see why it wouldn't apply on a VM on my own kit (and for me that case would be useful too, although it isn't what prompted the enquiry).
Not quite what you're after but Webmin (webadmin) is a capable remote admin in a browser.
It is indeed, and I use VirtualMin (which is WebMin with hosting bells and whistles added) in a couple of places, although I think it's just shielded me for learning stuff that I could do more quickly without it. However there is a fairly big overhead sitting there 24/7 just to allow me to make occasional config file changes.
(I say "me", but I'm happy doing it via SSH. The desire for a GUI is for others who are less used to commandline config.)
If the virtual server is running a gui
It won't be. In this case all it needs to do is provide FTP services (no web/db), although I have several VMs out there which do web/email/db stuff, none of which have desktop environments, most of them with around 512MB RAM..
Mark
On 29/01/16 12:18, Mark Rogers wrote:
On 28 January 2016 at 20:32, steve-ALUG@hst.me.uk wrote:
Not quite what you're after but Webmin (webadmin) is a capable remote admin in a browser.
It is indeed, and I use VirtualMin (which is WebMin with hosting bells and whistles added) in a couple of places, although I think it's just shielded me for learning stuff that I could do more quickly without it. However there is a fairly big overhead sitting there 24/7 just to allow me to make occasional config file changes.
(I say "me", but I'm happy doing it via SSH. The desire for a GUI is for others who are less used to commandline config.)
OK, they want a GUI, Webmin's a gui. There will be overhead, *BUT* what overhead? It it's not getting used, I would have thought the processor overhead of a web server serving a page that's not being accessed would be minimal. There would be disk space and memory overhead, for sure, but I wouldn't have thought it would be to honourous, unless you pay per MB of storage/memory!
Secondly, do you REALLY want an FTP server? FTP can't transfer files securely, and can't do user accounts/logins securely so it's only really useful (AIUI) for situations where little or no security is acceptible, e.g. downloads of the latest version of Ubuntu with no password or username required.
SFTP is better (secure FTP), but to be secure, I think most people would use SCP (Secure CoPy -= cp via SSH (Secure SHell))
I have vsftp installed. Very Secure File Transfer Protocol. It can do FTP, or SFTP( I think).
I have it set up purely to work INSIDE my firewalled network. I only use it to allow a webcam to FTP in images. There is an account for the webcam on vsftp, but that's the only one allowed in.
It works for me. May I suggest you google the security implications of FTP if you're not using it in a situation where trivial security is acceptable?
Good luck!
Steve
On 29/01/16 14:07, steve-ALUG@hst.me.uk wrote:
[SNIP]
Secondly, do you REALLY want an FTP server? FTP can't transfer files securely, and can't do user accounts/logins securely so it's only really useful (AIUI) for situations where little or no security is acceptible, e.g. downloads of the latest version of Ubuntu with no password or username required.
SFTP is better (secure FTP), but to be secure, I think most people would use SCP (Secure CoPy -= cp via SSH (Secure SHell))
I have vsftp installed. Very Secure File Transfer Protocol. It can do FTP, or SFTP( I think).
As I host clients' web sites and data, I am obliged to provide ftp for them. I also use vsftpd which is as secure as ftp ever will be, I think. With fail2ban, it's reasonably secure and I don't fret overmuch.
Cheers, Laurie.
On 29/01/16 14:33, Laurie Brown wrote:
On 29/01/16 14:07, steve-ALUG@hst.me.uk wrote:
[SNIP]
Secondly, do you REALLY want an FTP server? FTP can't transfer files securely, and can't do user accounts/logins securely so it's only really useful (AIUI) for situations where little or no security is acceptible, e.g. downloads of the latest version of Ubuntu with no password or username required.
SFTP is better (secure FTP), but to be secure, I think most people would use SCP (Secure CoPy -= cp via SSH (Secure SHell))
I have vsftp installed. Very Secure File Transfer Protocol. It can do FTP, or SFTP( I think).
As I host clients' web sites and data, I am obliged to provide ftp for them. I also use vsftpd which is as secure as ftp ever will be, I think. With fail2ban, it's reasonably secure and I don't fret overmuch.
Cheers, Laurie.
There's also DenyHosts although I wouldn't try and use both. DenyHosts can scan logs for all accesses, not just SSH, report any intrusions, and also download a list of suspected intruders (IPs that have intruded on other Denyhost sites) and ban them for a while.
Yes, if you're hosting websites, you have to do FTP really!
Steve
On 29 Jan 14:07, steve-ALUG@hst.me.uk wrote:
On 29/01/16 12:18, Mark Rogers wrote:
On 28 January 2016 at 20:32, steve-ALUG@hst.me.uk wrote:
Not quite what you're after but Webmin (webadmin) is a capable remote admin in a browser.
It is indeed, and I use VirtualMin (which is WebMin with hosting bells and whistles added) in a couple of places, although I think it's just shielded me for learning stuff that I could do more quickly without it. However there is a fairly big overhead sitting there 24/7 just to allow me to make occasional config file changes.
(I say "me", but I'm happy doing it via SSH. The desire for a GUI is for others who are less used to commandline config.)
OK, they want a GUI, Webmin's a gui. There will be overhead, *BUT* what overhead? It it's not getting used, I would have thought the processor overhead of a web server serving a page that's not being accessed would be minimal. There would be disk space and memory overhead, for sure, but I wouldn't have thought it would be to honourous, unless you pay per MB of storage/memory!
Secondly, do you REALLY want an FTP server? FTP can't transfer files securely, and can't do user accounts/logins securely so it's only really useful (AIUI) for situations where little or no security is acceptible, e.g. downloads of the latest version of Ubuntu with no password or username required.
Well, depends on the FTP server, some support TLS, for example. And there's always FTPS (which is straight off SSL'd FTP).
SFTP is better (secure FTP), but to be secure, I think most people would use SCP (Secure CoPy -= cp via SSH (Secure SHell))
SFTP is a protocol that's part of the SSH suite, it's better than SCP for general FTP operations, whilst still going over a standard ssh connection.
I have vsftp installed. Very Secure File Transfer Protocol. It can do FTP, or SFTP( I think).
It's Very Secure from the point of view that it has an excellent security record. However, if you're doing straight FTP over it, then nothing is encrypted, including the password that goes over the wire in plain text. It does *not* support SFTP, but does support FTPS. Of course, for FTPS you should really have a valid SSL certificate for it.
I have it set up purely to work INSIDE my firewalled network. I only use it to allow a webcam to FTP in images. There is an account for the webcam on vsftp, but that's the only one allowed in.
Ahh - if it's not exposed to the outside world, then that's slightly better!
It works for me. May I suggest you google the security implications of FTP if you're not using it in a situation where trivial security is acceptable?
vsftp also allows for chroot'd sessions, limiting the damage.
Thanks,
On 29/01/16 15:42, Brett Parker wrote: {Good Stuff}
That's what happens when you (well I) post stuff from memory without checking facts first. Either memory is faulty, or things have changed since I last looked!
:-)
Steve
PS Sorry admins for sending from the wrong address earlier.
On 29 January 2016 at 14:07, steve-ALUG@hst.me.uk wrote:
OK, they want a GUI, Webmin's a gui. There will be overhead, *BUT* what overhead?
Memory, basically. For webmin I need Apache and that isn't needed otherwise.
It's not a huge issue, but logically it shouldn't be needed. A tool that understands (eg) vsFTP config files and manages them remotely via SSH ought not be too complicated and would have no overhead! Not that I am volunteering to write one...
Secondly, do you REALLY want an FTP server?
No!
But then it's not my choice. This is part of the reason why there'll be nothing else on that server, although in reality the files are just CSV data files which aren't confidential (or interesting outside the application) so it's not a huge issue.
SFTP is better (secure FTP), but to be secure, I think most people would use SCP (Secure CoPy -= cp via SSH (Secure SHell))
Except where "most people" are Windows users...
SFTP is fine as FileZilla supports it although I don't get to mandate that.
I have vsftp installed.
I don't think I've used vsFTP. I have used PureFTP in the past which I'd expect to be just as secure, but I don't have a preference.
Mark
On 29/01/16 16:18, Mark Rogers wrote:
On 29 January 2016 at 14:07, steve-ALUG@hst.me.uk wrote:
OK, they want a GUI, Webmin's a gui. There will be overhead, *BUT* what overhead?
Memory, basically. For webmin I need Apache and that isn't needed otherwise.
It's not a huge issue, but logically it shouldn't be needed. A tool that understands (eg) vsFTP config files and manages them remotely via SSH ought not be too complicated and would have no overhead! Not that I am volunteering to write one...
Secondly, do you REALLY want an FTP server?
No!
But then it's not my choice. This is part of the reason why there'll be nothing else on that server, although in reality the files are just CSV data files which aren't confidential (or interesting outside the application) so it's not a huge issue.
SFTP is better (secure FTP), but to be secure, I think most people would use SCP (Secure CoPy -= cp via SSH (Secure SHell))
Except where "most people" are Windows users...
SFTP is fine as FileZilla supports it although I don't get to mandate that.
OK, well, you can use FTP in a web browser, but most times I've done FTP, I've installed a program to do it. If you're going to install a program, that program may as well be WinSCP, which does SCP *AND* FTP (at least I think it does FTP). Then you can use SCP :-) You can also install putty of course for SSH access.
Unless it's FTP from a program or scripted, in which case I don't know!
Good luck!
On Fri, 29 Jan 2016 16:18:09 +0000 Mark Rogers mark@more-solutions.co.uk allegedly wrote:
On 29 January 2016 at 14:07, steve-ALUG@hst.me.uk wrote:
OK, they want a GUI, Webmin's a gui. There will be overhead, *BUT* what overhead?
Memory, basically. For webmin I need Apache and that isn't needed otherwise.
No you don't. Apache is an unnecessary resource hog. I gave up using it over decade ago. I use lighttpd for all my web services. And I use it with webmin. If you want a /really/ lightweight HTTP daemon, take a look at tHttpd (although that is now very old).
Also: +1 for SFTP. You really don't want vanilla FTP passing credentials in the clear. I think gFTP is a good gui client for linux/OSX (though that too is now sadly getting long in the tooth).
(And thanks to Laurie for the pointer to Ansible.)
Mick
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
On 29/01/16 17:39, mick wrote:
[SNIP]
(And thanks to Laurie for the pointer to Ansible.)
My pleasure! It's the business. I went to this bloke's presentation at DoxLON last year which was a shoot-out between Chef, Puppet and Ansible. We were open-minded about CM tools, and in the end myself and my mate much preferred Ansible, and not just because the presentation was good:
http://probably.co.uk/my-slides-from-doxlon-talk.html
See also: http://probably.co.uk/being-a-part-of-it.html
His entire blog is worth a look for Ansible stuff, actually.
Cheers, Laurie.
On 29 January 2016 at 17:39, mick mbm@rlogin.net wrote:
No you don't. Apache is an unnecessary resource hog. I gave up using it over decade ago. I use lighttpd for all my web services.
Fair point, s/Apache/web server/g in my previous email.
Actually Apache isn't the resource hog it used to be either, at least not when using mpm-event (which to be fair isn't the default).
However it's all still an overhead compared with logging in via SSH and hand editing text-based config files, and there's no reason why a GUI couldn't run on an admin's desktop and remotely "hand-edit" those files for him/her, thus removing that overhead.
Also: +1 for SFTP. You really don't want vanilla FTP passing credentials in the clear.
I'd say you don't want anything that you care about sent in the clear, or protected by anything sent in the clear. However in a situation where the data isn't valuable and the user/pass can't get anywhere beyond that data the issue is less important. As a preference I'm always going to go for SFTP over FTP but the "spec" is that the end user should be able to download via FTP, which might include an automated download using something that can't cope with SFTP. It does mean that having a secure FTP server matters though (ie I need confidence that an FTP user cannot access anything beyond that data), and I also don't plan on having anything else on that server. Note that those users only have read access anyway.
I think gFTP is a good gui client for linux/OSX
FileZilla isn't bad either, and being cross-platform means I can provide a level of support for it on Windows despite using it on Linux myself. And it supports SFTP just fine, but I can't mandate it's use so can't restrict to SFTP.
On 28/01/16 12:58, Mark Rogers wrote:
I need to set up an FTP server on a virtual server keeping overheads to a minimum.
What I'd like is some kind of GUI to administer it (add new users etc) which runs on my desktop and does the admin remotely, so that when not in use it has zero overhead (compared with having to install a web server and database to manage it, for example).
Not fussed as to which FTP server at this point.
(It strikes me that a tool that was able to manage text based config files over SSH for FTP servers but also other services would be quite useful, does such a thing exist?)
http://www.ansible.com/ is pretty simple to grasp, uses no agents, pushes over SSH, and has YAML config files. Useful skill too, much in demand.
DigitalOcean, as ever, has a couple of quick intros to it:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configur... https://www.digitalocean.com/community/tutorials/how-to-create-ansible-playb...
Also: http://www.ansible.com/get-started
Cheers, Laurie.
On 29 January 2016 at 10:56, Laurie Brown laurie@brownowl.com wrote:
http://www.ansible.com/ is pretty simple to grasp, uses no agents, pushes over SSH, and has YAML config files. Useful skill too, much in demand.
Thanks, Ansible looks useful for me, although I'm not sure it'll be enough to help out my colleague who really wants a GUI. I'll certainly look at it though, as there are plenty of tasks I carry out where this type of automation would help.
On 29/01/16 12:20, Mark Rogers wrote:
On 29 January 2016 at 10:56, Laurie Brown laurie@brownowl.com wrote:
http://www.ansible.com/ is pretty simple to grasp, uses no agents, pushes over SSH, and has YAML config files. Useful skill too, much in demand.
Thanks, Ansible looks useful for me, although I'm not sure it'll be enough to help out my colleague who really wants a GUI. I'll certainly look at it though, as there are plenty of tasks I carry out where this type of automation would help.
Cool.
Ansible Tower is a GUI, and it is free for up to 10 nodes, so there's a possibility there. In truth, all one needs is a decent editor to write the YAML files and it virtually drives itself. Even GUI fans can drive a console now and again!
Also, you might want to check out Semaphore, but I think it seems that an alternative GUI to Tower may be a while off. A few seem to be in the pipeline, but not yet mature. Semaphore costs, but it has a free option. https://semaphoreci.com/
Cheers, Laurie.
On 28/01/16 12:58, Mark Rogers wrote:
I need to set up an FTP server on a virtual server keeping overheads to a minimum.
What I'd like is some kind of GUI to administer it (add new users etc) which runs on my desktop and does the admin remotely, so that when not in use it has zero overhead (compared with having to install a web server and database to manage it, for example).
Not fussed as to which FTP server at this point.
(It strikes me that a tool that was able to manage text based config files over SSH for FTP servers but also other services would be quite useful, does such a thing exist?)
BTW, further to my earlier reply, you won't be needing Ansible Tower!
It also does one-off commands from the terminal which are executed remotely. Handy for checking daemons, mail queues and so on.
Cheers, Laurie.
-
Brett Parker -
Laurie Brown -
Mark Rogers -
mick -
Steve -
steve-ALUG@hst.me.uk