[KLUG Members] How can outsider transfer files to my server without shell access?

[bill]

On Thu, 2005-10-13 at 10:28, John Pesce wrote:
> I need a way for a client to regularly transfer files to my server
> without giving them shell access. They prefer a command line something
> so they can just modify their scripts. 
> My IT border router police strongly discourage FTP because of the clear
> text passwords. I'd love to give them sftp or scp access, but I don't
> want them to have shell access or be able to wonder around my
> filesystem. I looked at rssh, but the support seems thin, I'm not sure I
> if I can trust it, and I can't get the jail option working.
> 
> I was thinking of something like wget that would let them post a file to
> my webserver. wput seems to connect to ftp servers, isn't that just
> another ftp client?  I didn't see anything in my Redhat Enterprise or
> Suse 9.3 package lists that appeared applicable. Some kind of security
> would be nice so that anybody doesn't start uploading files.
> 
> This seems like it would be a simple and common thing to do.

Because you already have a webserver, you could receive the files as a
POST to a webpage.  

You could use Apache authentication to get some basic security and
identification (so everybody can't upload files).

If your webserver uses PHP it should be easy to work with file uploads,
PHP has functions to handle file uploads and work with files.

http://php.net/manual/en/features.file-upload.php

They can POST to the page using CURL (curl can actually handle LOTS of
ways to move files).

http://curl.haxx.se/

kind regards,

bill