[KLUG Members] How can outsider transfer files to my server without shell access?

[John Pesce]

On Thu, 2005-10-13 at 11:06 -0400, bill wrote:
> On Thu, 2005-10-13 at 10:28, John Pesce wrote:
> > I need a way for a client to regularly transfer files to my server
> > without giving them shell access. They prefer a command line something
> > so they can just modify their scripts. 
> > My IT border router police strongly discourage FTP because of the clear
> > text passwords. I'd love to give them sftp or scp access, but I don't
> > want them to have shell access or be able to wonder around my
> > filesystem. I looked at rssh, but the support seems thin, I'm not sure I
> > if I can trust it, and I can't get the jail option working.
> > 
> > I was thinking of something like wget that would let them post a file to
> > my webserver. wput seems to connect to ftp servers, isn't that just
> > another ftp client?  I didn't see anything in my Redhat Enterprise or
> > Suse 9.3 package lists that appeared applicable. Some kind of security
> > would be nice so that anybody doesn't start uploading files.
> > 
> > This seems like it would be a simple and common thing to do.
> 
> Because you already have a webserver, you could receive the files as a
> POST to a webpage.  
> 
> You could use Apache authentication to get some basic security and
> identification (so everybody can't upload files).
> 
> If your webserver uses PHP it should be easy to work with file uploads,
> PHP has functions to handle file uploads and work with files.
> 
> http://php.net/manual/en/features.file-upload.php
> 
> They can POST to the page using CURL (curl can actually handle LOTS of
> ways to move files).
> 
> http://curl.haxx.se/
> 

CURL rocks! Another hidden treasure on my box ;)