Apologies if this isn't the right forum but I need the advice of an FTP familiar engineer. For security reasons, FTP services are being shut down on our company's Solaris 5 server. The reason is that man in the middle attacks are easier under the old FTP protocol. We run perl scripts that FTP OUT to other services, pull information in which we then sanitize and parse. What we don't want to do is function as an FTP host because we have no information that is relevant to put out. The software is old, there is no dev/test environment and wholesale "shutting down FTP services" ( where we can't even FTP out ) would break our production environment. I'd prefer to keep running FTP out to other servers in the interim until we can convert all the scripts to SFTP but is this even possible? To be a client but not a host? I know this question is vague for this SE forum normal so feel free to close.
1
- 2Yes it is possible. Just shut down the ftp server. The ftp client functionality (OUT in your description) will not be affected. That's assuming your IT department is indeed just turning off the ftp service and is not adding any extra secutiry such as blocking all ftp ports.kaylum– kaylum2020-02-05 02:45:47 +00:00Commented Feb 5, 2020 at 2:45
Add a comment |
1 Answer
FTP service inbound is managed by an FTP server. FTP connections outbound are performed by a client. The two parts are independent of each other.
I'm not running Solaris so I can't give you the specifics process names, but this Oracle documentation link explains how to enable and disable the FTP server:
svcadm disable network/ftp # Stop and disable the FTP server You can verify that the service is no longer running by attempting to connect to it with the FTP client (and you can also confirm that you can still make connections outbound):
ftp -n localhost 