Securing FTP/iX

220 HP ARPA FTP Server [A0012003] (C) Hewlett-Packard Co. 2000 [PASV SUPPORT]
Connected to Mymachine (aaa.bbb.ccc.ddd). (FTPINFO 40)
Name(manager): manager.sys
---> USER manager.sys
331 Password required for MANAGER.SYS. Syntax: userpass
Password:
---> PASS secret
230 User logged on
---> SYST
215 MPE/iX LF system type.
Remote system type is MPE/iX
---> SITE MPE/iX FTP Client [A0012003]
200 MPE/iX command ok.
---> TYPE I
200 Type set to I.
When DEBUG_PASS is turned OFF, the logon password is not displayed:
:ftp
ftp> debug
ftp> o system
Name(manager): MGR.TEST
---> USER MGR.TEST
331 Password required for MGR.TEST. Syntax: userpass
Password:
---> PASS ********
6.4 Disallowing READ access to NETRC file
The NETRC file defines logons used by the FTP auto login feature and may contain embedded passwords. It is a security vulnerability if read/write access is allowed to this file, yet FTP needs to read the file to extract the user logon information.
This enhancement allows the file security to be set such that no users have read (or write) access, but they can be permitted execute access. FTP will now open the file requesting execute access and will be able to read the contents. The NETRC file can be secured via an ACD or via the traditional file/group/account security as long as only execute permission is granted.
The syntax of NETRC entries is as follows:
• machine ["]machine_name["] login ["]user["] password ["]passwd["]
• default login ["]user["] password ["]passwd["]
Example:
machine "HPSYS" login "MANAGER.SYS" password "USERPASS,ACCTPASS"
default login "MGR.TELESUP" password "USERPASS,ACCTPASS"
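As an added example (not part of the original whitepaper or of FTP/iX), the following Python sketch parses records in the syntax shown above and flags any that break the record-format rules in section 6.4.1 (ASCII only, no more than 72 bytes per record). The function names, the lowercase keyword matching and the sample records are assumptions made for illustration; the redacted rendering keeps passwords out of audit output.

```python
import re

MAX_RECORD_BYTES = 72  # record-width limit from the rules in section 6.4.1

# Each value may be bare or wrapped in double quotes (the ["] in the syntax).
_VALUE = r'(?:"([^"]*)"|(\S+))'
_ENTRY = re.compile(
    r'^\s*(?:machine\s+' + _VALUE + r'|default)\s+login\s+' + _VALUE +
    r'\s+password\s+' + _VALUE + r'\s*$')

def parse_netrc(text):
    """Return (entries, problems) for NETRC text, one record per line."""
    entries, problems = [], []
    for lineno, record in enumerate(text.splitlines(), start=1):
        if not record.strip():
            continue
        try:
            width = len(record.encode("ascii"))
        except UnicodeEncodeError:
            problems.append((lineno, "non-ASCII character"))
            continue
        if width > MAX_RECORD_BYTES:
            problems.append(
                (lineno, f"record is {width} bytes, limit is {MAX_RECORD_BYTES}"))
        m = _ENTRY.match(record)
        if m is None:
            problems.append((lineno, "does not match machine/default syntax"))
            continue
        entries.append({
            "machine": m.group(1) or m.group(2),  # None for a 'default' entry
            "login": m.group(3) or m.group(4),
            "password": m.group(5) or m.group(6),
        })
    return entries, problems

def redacted(entry):
    """Render an entry for audit output without exposing the password."""
    target = f'machine "{entry["machine"]}"' if entry["machine"] else "default"
    return f'{target} login "{entry["login"]}" password "********"'

# Constructed sample: the two entries from the example above plus two bad
# records (one missing its password field, one wider than 72 bytes).
SAMPLE = (
    'machine "HPSYS" login "MANAGER.SYS" password "USERPASS,ACCTPASS"\n'
    'default login "MGR.TELESUP" password "USERPASS,ACCTPASS"\n'
    'machine HPSYS2 login MGR.TEST\n'
    'machine "' + "X" * 40 + '" login "MGR.TEST" password "USERPASS,ACCTPASS"\n'
)
```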
6.4.1 Rules of the NETRC configuration file
• This file can be created and edited with any editor. This file should be unnumbered, of fixed width ASCII, with a record-width of no more than 72 bytes.
• The NETRC file should reside in the home group of the user logged-in. The user will have only the execute
Secure FTP on MPE/iX, 7/18/2008, http://jazz.external.hp.com/papers/Securing - - Whitepaper.html