NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
No SFTP in ReadyNAS 2312; best public server alternative?
I've set up a new ReadyNAS 2312 primarily as a local backup destination but now that it's in place I'm thinking of other uses for it. I regularly transfer multi-GB files to individuals, and have...
The NAS is not set up for individual file or folder permissions, you'll need one or more shares for sharing. And you'll also have to poke a hole in your router firewall.
ReadyCLOUD may be an answer, but I recommend you also look at OwnCloud or NextCloud rather than use the NAS authentication system for occasional guest users. That's what they were built for (though they've been expanded to do much more over time) You can get a ReadyNAS ready version of either at https://rnxtras.com/ for a very reasonable fee.
I use OwnCloud myself. NextCloud was in the very early stages when I implemented it, and I just stuck with what I know. I'd probably choose NextCloud today if starting fresh.
Do you have a static public IP address and/or domain name? One of the issues you may have is installing an SSL certificate so that the user doesn't get that same warning about the site being unsafe that you do. That might turn customers away. And a domain name (which can be via dynamic IP, but is easier with static) is required for installing the certificate. ReadyCloud does avoid that part of the process as well as the poking a hole in the firewall.
Leaving the somewhat "different" NFS and DLNA protocols alone: Everything else implemented on ReadyNAS is making use of authentication by username and password - so out of the box with what is in place there is no kind of link sharing available.
FWIW: ReadyNAS has FTPES implemented, not FTPS. Lots of confusing information in the net ref. FTPES - which is an extension to the standard FTP protocol. Key reason why some admins prefer SFTP is the fact that it can run on a single port, while FTPES does require some more effort on NAT port forwarding for the ftp-data port range. The FTP server can be configured so only the encrypted FTPES can be used for both the control and data channel. So what was the security concern again?
schumaku wrote:
FWIW: ReadyNAS has FTPES implemented, not FTPS.
Correct. But not much difference in practice.
- FTPS is implicit FTP over SSL/TLS
- FTPES is explicit FTP over SSL/TLS
FileZilla and (I think) WinSCP treat them as one protocol with an option for explicit/implicit. And the NAS (like WikiPedia) just calls both FTPS. So I generally do also.
schumaku wrote:
The FTP server can be configured so only the encrypted FTPES can be used for both the control and data channel. So what was the security concern again?
If I recall correctly, it was more a fear that FTPS was "old and hackable".
Both FTPES and SFTP are considered secure. The differences are that
- SFTP has option support for SSH keys, while FTPS/FTPES does not
- FTPS/FTPES requires more ports to be forwarded in the firewall.
Thanks folks. I suppose I should explain that I'm a network n00b and all that I know, I know from the ultra-reliabl, always-true internet ;-)
The question came up because I thought it'd be clever to set up my own file server for these occasional file distribution needs. I've got the hardware, so why not. When I saw in the share setup that the protocol FTP was available but not SFTP, I remembered from prior reading that FTP is old and insecure. I scanned the manual for mention of "SFTP" and didn't find it, but I did find "FTPS". I googled the difference and learned that FTPS is a security layer on top of FTP, while SFTP is completely different and considerably more secure. Again, just what I read.
If I can't do single-link to a file, but can link directly to a directory, that'd be fine. If I have to set up a login for each user / folder, c'est la vie. Probably better anyway.
I have not actually read through the steps to create an FTPS server in the manual yet, so I if it's complicated to set up ("more effort with NAT port forwarding" sounds above my pay grade) I may not be successful, but I can certainly give it a shot.
Ultimately, because I'm no IT expert, my #1 concern isn't that it'll be hard to set up, but that I'll do something wrong or choose a bad protocol and leave my entire network open to any fifth grader with a chromebook who watched a "how to hack" video on youtube.
So, should I just go ahead with FTPS (or FTPES, if that's what it actually is) and consider that secure enough?
Thanks again,
-Joseph
The NAS is not set up for individual file or folder permissions, you'll need one or more shares for sharing. And you'll also have to poke a hole in your router firewall.
ReadyCLOUD may be an answer, but I recommend you also look at OwnCloud or NextCloud rather than use the NAS authentication system for occasional guest users. That's what they were built for (though they've been expanded to do much more over time) You can get a ReadyNAS ready version of either at https://rnxtras.com/ for a very reasonable fee.
I use OwnCloud myself. NextCloud was in the very early stages when I implemented it, and I just stuck with what I know. I'd probably choose NextCloud today if starting fresh.
Do you have a static public IP address and/or domain name? One of the issues you may have is installing an SSL certificate so that the user doesn't get that same warning about the site being unsafe that you do. That might turn customers away. And a domain name (which can be via dynamic IP, but is easier with static) is required for installing the certificate. ReadyCloud does avoid that part of the process as well as the poking a hole in the firewall.
Big difference StephenB ... look here: FTPS does imply using a dedicated port for an FTP TLS session, the default is 990/TCP. This is nowhere implemened by ReadyNAS, and can't be configured. Thus, the designation FTPS is more than just misleading. FileZilla as a popular FTP client does (correctly) talk of FTP, and allows using "Use explicit FTP over TLS if available" (the default, if available it's FTPES), "Require explicit FTP over TLS" (so it does not connect over plain text FTP, FTPES again), or "Require implicit FTP over TLS" (that's FTPS - not available on the ReadyNAS).
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
