Alex is farting around with FTP's again....


LeperousDust
23-08-2008, 17:56
Ok, so i'm trying to get me an FTP for ease of use sake up and running again. I've acquired Serv-U (which actually seems perfect for server use apart from i'm still running a 30 day trial). It runs as a service and uses a nice local web front end. Anyway, as far as i can tell i've set up users and pointed them to the folders etc...

I'm only using the SFTP or FTPS connections (yes i'm trying both) but for some reason unless i'm connecting within the network (192.xx.xx.xx) it won't validate my login details.

I've got dyndns set up (alexdoddedinburgh.dyndns.org) and i've tried port 990,21,22 and implicit/explicit secure connections, and SFTP with FireBug. But for some reason it's not having any of it. I've definitely forwarded the ports and everything should be working ok, but it isn't, what the fudge should i be looking at next?

Dr. Z
23-08-2008, 18:53
FTP and port forwarding is hell on earth - you use port 21 for establishing the connection but it then establishes a connection on a random higher port.

Solution = put your FTP server in your router's DMZ and "hope for the best" or give up and use something like WebDAV to make your files available over HTTP :)
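
Added example, not part of the original thread: the second connection described in the post above, shown by decoding the server's passive-mode reply and checking it against the ports forwarded on the router. The reply strings and the forwarded-port set are constructed, and `parse_data_endpoint` and `diagnose` are hypothetical helper names.

```python
import ipaddress
import re

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"229 .*?\(\|\|\|(\d+)\|\)")

# Constructed replies, as a server behind NAT might send them on port 21.
SAMPLE_PASV = "227 Entering Passive Mode (192,168,1,10,195,80)"
SAMPLE_EPSV = "229 Entering Extended Passive Mode (|||50001|)"

def parse_data_endpoint(reply):
    """Return (address or None, port) announced for the data connection."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("field out of range in 227 reply")
        # Four address octets, then the port as high byte, low byte.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) < 65536:
        return None, int(m.group(1))  # EPSV: reuse the control connection's address
    raise ValueError("not a passive-mode reply: %r" % reply)

def diagnose(reply, forwarded_ports):
    """List reasons an outside client cannot open the data connection."""
    addr, port = parse_data_endpoint(reply)
    problems = []
    # With FTPS the control channel is encrypted, so a NAT router cannot
    # rewrite a private address in this reply on the server's behalf.
    if addr is not None and ipaddress.ip_address(addr).is_private:
        problems.append("server announces private address " + addr)
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded" % port)
    return problems

if __name__ == "__main__":
    for sample in (SAMPLE_PASV, SAMPLE_EPSV):
        print(sample, "->", diagnose(sample, {21, 22, 990}))
```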

Daz
23-08-2008, 19:01
I think his server's a Windows box - DMZ is probably risky.

I can get a connection on 22 - give me a username password and I'll try an SFTP connection. All that traffic will be over the 1 port.

LeperousDust
23-08-2008, 19:02
Ahhh i see, how retarded is that :p Hmmm i just wanted to be able to let me upload/download files securely and easily. And let other people upload to our server for their and my ease of use.

Correct me if i'm wrong but adding it to the DMZ is like pretty much opening it up to the internet right? I'd probably rather not do that for so many many reasons!

Is there no way of controlling what ports FTP's use? :(

Dr. Z
23-08-2008, 19:06
Not in a way that's "good", no.

P.S. SFTP is the slowest thing in the world, ever.

LeperousDust
23-08-2008, 19:07
Oooooh wait a second after a little bit of fiddling, the SFTP connection seems to be working (albeit if you ignore anything to do with certificates)

checkout alexdoddedinburgh.dyndns.org, port 22 SFTP
Username: BoatDrinks
password: welcomaboard

LeperousDust
23-08-2008, 19:09
Yeah i'm aware SFTP is a pretty lame way of transferring things, but it does keep the connection secure the whole time as opposed to just authenticating securely. Useless really since i'm not moving anything top secret :p

Daz
23-08-2008, 19:22
It'll also be fine over a WAN connection. For sure, over LAN there are better ways, but over a WAN, presumably for things that aren't terribly important anyway, it's a secure, no fuss way of doing things.

Won't let me in - are the credentials right? I tried spelling welcome correctly and it still didn't take it.

LeperousDust
23-08-2008, 19:26
Lol @ i tried spelling welcome correctly :p Yeah it should be welcomeaboard, hmmmm i'm in the process of fiddling actually, so leave it for now :p I can see you tried to connect though. I'm getting closer :)

For the LAN i'm more than happy with just my shared folders, and two forms of remote desktop which do the job for the rare times i need remote access. Although i am thinking about setting up SSH properly on it and then some kind of VNC to run securely too. But right now it's not top of my list. Just being able to dump files with some vague security in mind is all i need like you say :)

LeperousDust
23-08-2008, 20:29
Oh faff this, as usual it was meant to be a quick little thing while i had some time. Instead it's driving me up the wall... :) I'll be back to this but i have more important things to be doing right now (like eating and then going out of course). Bah, if it's not one thing :p

LeperousDust
25-08-2008, 15:08
Right take 10, i've scrapped what i was using as it was giving me immense hassle. I'm back to using something i tried earlier but this time i'm gonna make sure i get it working :)

So i'm using freeSSHd which is essentially based off openSSH i think. Now basically installed it pointed it to the root folder i want. Made one user (boatdrinks) with a SHA1 hash password (welcomeaboard) granted SFTP rights only. And started the SFTP service. Yet i still can't connect internally or externally with WinSCP, I've given up using FireFTP because tbh i think that was part of my original problems anyway it doesn't seem that good.

So the question is why can i still not connect :p? =/

I'm using freeSSHd because i hope to also use the SSH side of things for a bit of admin just in case in the future. It's nice to have :) Next is a VPN and some kind of SSH tunnels VNC just in case :) But hey babysteps since my SFTP isn't playing ball yet.

Mark
25-08-2008, 15:17
$ telnet alexdoddedinburgh.dyndns.org 22
Trying 80.195.254.32...
Connected to alexdoddedinburgh.dyndns.org.
Escape character is '^]'.
SSH-2.0-WeOnlyDo 2.0.6
$ sftp alexdoddedinburgh.dyndns.org
Connecting to alexdoddedinburgh.dyndns.org...
The authenticity of host 'alexdoddedinburgh.dyndns.org (80.195.254.32)' can't be established.
Are you sure you want to continue connecting (yes/no)? yes
Disconnecting: Bad packet length 3523815878.
Couldn't read packet: Connection reset by peer
$ sftp alexdoddedinburgh.dyndns.org
Connecting to alexdoddedinburgh.dyndns.org...
ssh: connect to host alexdoddedinburgh.dyndns.org port 22: Connection refused
Couldn't read packet: Connection reset by peer

Looks like you're messing about with it though as I just got a security violation warning.

Mark
25-08-2008, 15:19
OK - it's behaving now but denying the username/password.

LeperousDust
25-08-2008, 15:37
Cool, that's essentially what i'm getting denied username and password but i don't understand why :( It's definitely right...?

I have no effing clue what i'm doing here at all, and its so very frustrating. WinSCP is telling me it can authenticate. Do i need to use the security keys? I thought i could just blindly add/ignore them?

Mark
25-08-2008, 16:01
Try just setting a plaintext password for the user. You don't want to be using SHA-1 (or any other) hash for user accounts right now.

Setting a hash for the host (computer) is fine. You've done that and it works.

LeperousDust
25-08-2008, 16:08
I can't do that in freeSSHd, i can choose:
NT Auth, which i'd rather not get mixed up with
Password stored as SHA1 Hash
Public key (SSH Only)

I have no idea what i'm doing but i've stumbled my way through and i thought i've been doing it right but i just don't seem to be able to log on with PuTTY or WinSCP. It's royally frustrating. I've granted the boatdrinks user with SSH and Tunneling for now too whilst i'm trying other things if you want to have a mess around yourself if you can get in that is (join the party? :D). I've forwarded Port 22 too as you can see since you can see/connect you just can't Auth which is my problem too.

Why the **** are things so difficult for seemingly no reason :p?

See here (http://alexdoddedinburgh.dyndns.org:81/) for my private keys that i've made up so far in case you need them. I'd attach them on the forum but it only supports nzb's and torrent filenames

Mark
25-08-2008, 16:24
Access denied - and you really shouldn't be publishing private keys anyway. That's the whole point of being private.

You can do what I said - it's just that if you follow the wiki they tell you to disable password authentication. That'll stop you logging in without those private key files.
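
Added example, not part of the original thread: a check a server owner could run over a folder that is served over HTTP, to find private key files (PuTTY `.ppk`, PEM, OpenSSH format) and whether a passphrase protects them. It covers more key formats than the thread mentions; the sample headers are constructed and contain no key material, and `key_status` and `scan_web_root` are hypothetical helper names.

```python
import base64
import os
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
# Constructed sample headers (no real key material).
SAMPLE_PPK = b"PuTTY-User-Key-File-2: ssh-rsa\r\nEncryption: none\r\nComment: demo\r\n"
SAMPLE_PEM = b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nAAAA\n"

def key_status(data):
    """Return None (no private key), 'plaintext', 'encrypted' or 'unknown'."""
    head = data[:512]
    if head.startswith(b"PuTTY-User-Key-File-"):
        # .ppk header line "Encryption: none" means no passphrase protects it.
        return "plaintext" if b"\nEncryption: none" in head else "encrypted"
    if b"PRIVATE KEY-----" not in head:
        return None
    if b"BEGIN OPENSSH PRIVATE KEY" in head:
        # openssh-key-v1: the cipher name is the first string inside the blob.
        body = b"".join(l for l in data.splitlines() if not l.startswith(b"-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return "unknown"
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return "plaintext" if blob[off + 4:off + 4 + n] == b"none" else "encrypted"
    # Legacy PEM flags a passphrase with Proc-Type; PKCS#8 with its BEGIN line.
    if b"Proc-Type: 4,ENCRYPTED" in head or b"BEGIN ENCRYPTED PRIVATE KEY" in head:
        return "encrypted"
    return "plaintext"

def scan_web_root(root):
    """List (relative path, status) for private key files under a served folder."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    status = key_status(fh.read(65536))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if status:
                findings.append((os.path.relpath(path, root), status))
    return sorted(findings)

if __name__ == "__main__":
    print(key_status(SAMPLE_PPK), key_status(SAMPLE_PEM))
```

Any hit under a web root means the key should be treated as disclosed and replaced, whatever its passphrase status.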

LeperousDust
25-08-2008, 16:25
Yeah i'm aware that's not a clever idea, but don't worry they're only there for you, and i can recreate new ones no? :p

Right i will have another play then disabling that pap :)

//Edit: Wait yeah crossed wires, i didn't follow the wiki to the letter, i set my own password in freeSSHd for the user, not using the key only. But the only option is the hash. I'm losing interest again, can't be bothered spending more than an hour setting up something so technically trivial. It's crap, i will no doubt have another go some time in the future. It's not that important to me yet it would have just been nice to have it working :)

Mark
25-08-2008, 16:47
Have another Edinburgh meet. Invite someone round. Sorted. :p

$ sftp -v boatdrinks@alexdoddedinburgh.dyndns.org
Connecting to alexdoddedinburgh.dyndns.org...
OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to alexdoddedinburgh.dyndns.org [80.195.254.32] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6
debug1: no match: WeOnlyDo 2.0.6
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'alexdoddedinburgh.dyndns.org' is known and matches the RSA host key.
debug1: Found key in known_hosts:10
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Next authentication method: password
boatdrinks@alexdoddedinburgh.dyndns.org's password:
debug1: Authentications that can continue: password,publickey
Permission denied, please try again.

So, the server is correctly configured, but the username/password isn't. Remember that SSH is case-sensitive.

I don't blame you for struggling with this. The wiki is very poor - it tells you to change things but in most cases makes no attempt to tell you how or why. Even I can't get to grips with it so some hope you have. :/
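
Added example, not part of the original thread: the reading of the `sftp -v` output above done in code, reporting how far the session got (connect, transport, authentication) and which negotiated algorithms are ones current OpenSSH releases no longer offer by default. `THREAD_LOG` reuses lines from the output quoted in the post; the regular expressions assume the OpenSSH 4.x log format shown there, and `triage` and the `LEGACY` list are this example's own.

```python
import re

# Lines taken from the sftp -v output quoted in the thread.
THREAD_LOG = """\
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Next authentication method: password
debug1: Authentications that can continue: password,publickey
Permission denied, please try again.
"""

# Cipher and MAC names absent from current OpenSSH default proposals.
LEGACY = {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "arcfour",
          "blowfish-cbc", "hmac-md5", "hmac-md5-96", "hmac-sha1-96"}

def triage(log):
    """Summarise one verbose client session and the stage it reached."""
    r = {"server": None, "algorithms": set(), "offered": [], "tried": [],
         "stage": "connect"}
    for line in log.splitlines():
        line = re.sub(r"^debug\d: ", "", line)
        if m := re.match(r"Remote protocol version \S+, remote software version (.+)", line):
            # A version banner proves TCP and port forwarding work.
            r["server"], r["stage"] = m.group(1), "transport"
        elif m := re.match(r"kex: \S+ (\S+) (\S+) \S+$", line):
            r["algorithms"].update(m.groups())  # cipher and MAC for one direction
        elif m := re.match(r"Authentications that can continue: (\S+)", line):
            # Key exchange finished; what fails from here on is the login itself.
            r["offered"], r["stage"] = m.group(1).split(","), "authentication"
        elif m := re.match(r"Next authentication method: (\S+)", line):
            r["tried"].append(m.group(1))
        elif "Authentication succeeded" in line:
            r["stage"] = "ok"
    r["legacy"] = sorted(r["algorithms"] & LEGACY)
    return r

if __name__ == "__main__":
    print(triage(THREAD_LOG))
```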

LeperousDust
25-08-2008, 17:48
Well well i buggered off to play piano, i'm not farting around with it anymore, but i've put everything in lowercase anyway just to make sure. It keeps telling me my username and password are wrong, or at least password is wrong, i faffing know it isn't though it's lying :p. Something isn't right but i think it runs deeper than me this time...

Haha just tried connecting and now i'm getting connection refused. God only knows.

That wiki isn't theirs to be fair, but it's bad enough that they point you to it in the first place though!

Garp
25-08-2008, 17:53
An alternative, good, free FTP server for windows is FileZilla. Easy to setup, easy to use.

LeperousDust
25-08-2008, 18:18
Hahahaha nice one Garp, i've actually already been fighting with that as well (i've tried loads on the market free and , for almost the same reasons... Everything looked like it worked but didn't. I don't just want FTP i want something half secure for when i'm at home basically. Filezilla was a nightmare to try and set up as well it seems. I just feel stupid :D

Anyway after finding freeSSHd it suits what i need a free secure FTP but also allows me to SSH into my server. Well it should, maybe not quite yet :) I might end up using both anyway freeSSHd just for my SSH needs. God knows what i want right now, just something that works to be fair!

Garp
25-08-2008, 20:41
You could always do it Linux stylé and install Cygwin and opensshd.. good luck with that if you do though, no fancy GUI for setting it up ;D

LeperousDust
25-08-2008, 23:05
Yeah, i hope to god you're joking Garp :p

Well, good news, everything seems to be working now, but i didn't really do anything to fix it. I just reinstalled and went from the beginning again, and seem to have touched lucky...

How do i utilise the keys properly? I've made new keys on the server, and then copied them over to my client PC, converted them with puttygen, and used them in my connecting but it doesn't like them =/. I don't plan to use them except from my connection which has pretty nice privileges that I'd rather were a pain to get hold of :p.