Gentoo Forums
SFTP-only server?
Syldorian
n00b


Joined: 14 Jan 2004
Posts: 31

Posted: Wed Apr 14, 2004 3:41 pm    Post subject: SFTP-only server?

I have SSH running on my box fine. Is there any way to restrict some users to only being able to use SFTP, though? I.e. they have no access to a console?

Thanks for any replies.
neilhwatson
l33t


Joined: 06 Feb 2003
Posts: 719
Location: Canada

Posted: Wed Apr 14, 2004 3:55 pm

What about changing their shell? Or placing them in a chroot jail?
_________________
The true guru is a teacher.
Neil Watson
xming
Guru


Joined: 02 Jul 2002
Posts: 441

Posted: Wed Apr 14, 2004 3:57 pm

This is what you need:
http://www.sublimation.org/scponly/

xming
nevynxxx
Veteran


Joined: 12 Nov 2003
Posts: 1123
Location: Manchester - UK

Posted: Wed Apr 14, 2004 4:05 pm

One way I once read is to set their terminal to /dev/null, in the /etc/passwd file. I think ssh should adhere to that.

The problem is you cannot block the port, as it will kill both services, and you cannot just stop all authentication for the same reason. Have a look in the ssh config file; you may be able to tell it not to allow user logons.
_________________
My Public Key

Wanted: Instructor in the art of Bowyery
ozonator
Guru


Joined: 11 Jun 2003
Posts: 591
Location: Ontario, Canada

Posted: Wed Apr 14, 2004 4:29 pm    Post subject: Re: SFTP-only server?

Syldorian wrote:
I have SSH running on my box fine. Is there any way to restrict some users to only being able to use SFTP, though? I.e. they have no access to a console?


I've been using rssh to do this for a while; it's a special shell for only scp/sftp access. It does all I need, and it works exactly as advertised. scponly, as already mentioned here, is an alternative.
Syldorian
n00b


Joined: 14 Jan 2004
Posts: 31

Posted: Wed Apr 14, 2004 7:19 pm

Thanks much for the replies. I emerged scponly. Seems to be working great. <g>
MooktaKiNG
Guru


Joined: 11 Nov 2002
Posts: 326
Location: London, UK

Posted: Wed Apr 14, 2004 9:48 pm

Is there an SFTP server that uses the FTP ports?
I mean other than openssh; I want a separate SFTP server.

That way I might be able to create separate accounts, without giving ssh.

The other options seem very messy.
_________________
http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router
ozonator
Guru


Joined: 11 Jun 2003
Posts: 591
Location: Ontario, Canada

Posted: Wed Apr 14, 2004 10:00 pm

MooktaKiNG wrote:
That way I might be able to create separate accounts, without giving ssh.


The whole idea of rssh is that a user account would only be allowed to do sftp or scp: such accounts can't do regular ssh and get a normal interactive shell the way a normal, non-restricted user can (scponly also has options for allowing rsync or unison access over ssh, but still no regular shell). So, if you want to create separate accounts, go ahead and do so, giving them rssh or scponly as their shell. Just because it's all managed by sshd, listening to the same port, doesn't reduce the level of security (after all, each ssh connection is handled by a separate, privilege-separated process).

Perhaps I'm not understanding your concern, but this method doesn't seem messy to me. It actually seems a bit neater, since I only need to run one service for both regular and restricted users.
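Added example, not part of any post in this thread: a POSIX shell check that accounts meant to be transfer-only really have rssh or scponly as their shell in a passwd-format file, which is the setup the replies above describe. The install paths `/usr/bin/rssh` and `/usr/bin/scponly`, the function names and the sample accounts are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. The shell paths below are assumed install locations.
RESTRICTED_SHELLS="/usr/bin/rssh /usr/bin/scponly"

# classify_shell SHELL SHELLS_FILE -> restricted | interactive | other
classify_shell() {
    for r in $RESTRICTED_SHELLS; do
        if [ "$1" = "$r" ]; then echo restricted; return 0; fi
    done
    # Any other shell listed in the shells file gives a normal console.
    if grep -v '^#' "$2" | grep -qxF -- "$1"; then
        echo interactive
    else
        echo other   # e.g. /dev/null or /bin/false: review by hand
    fi
}

# audit_accounts PASSWD_FILE SHELLS_FILE USER...
# Prints "user:shell:class" per user; returns 1 unless all are restricted.
audit_accounts() {
    passwd_file=$1; shells_file=$2; shift 2
    rc=0
    for user in "$@"; do
        entry=$(awk -F: -v u="$user" '$1 == u { print "x" $7; exit }' "$passwd_file")
        if [ -z "$entry" ]; then
            echo "$user::missing"; rc=1; continue
        fi
        shell=${entry#x}
        # An empty shell field in passwd(5) means /bin/sh.
        [ -n "$shell" ] || shell=/bin/sh
        class=$(classify_shell "$shell" "$shells_file")
        [ "$class" = restricted ] || rc=1
        echo "$user:$shell:$class"
    done
    return $rc
}

# Constructed sample data (not from the thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/usr/bin/rssh
carol:x:1003:1003::/home/carol:/usr/bin/scponly
dave:x:1004:1004::/home/dave:
erin:x:1005:1005::/home/erin:/dev/null
EOF
printf '%s\n' '# constructed /etc/shells' /bin/sh /bin/bash /usr/bin/rssh /usr/bin/scponly > "$demo_dir/shells"
audit_accounts "$demo_dir/passwd" "$demo_dir/shells" bob carol dave erin frank || true
```

On a real system, pass `/etc/passwd` and `/etc/shells` plus the list of accounts that are supposed to be transfer-only; a non-zero return means at least one of them is not on a restricted shell.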
MooktaKiNG
Guru


Joined: 11 Nov 2002
Posts: 326
Location: London, UK

Posted: Wed Apr 14, 2004 10:34 pm

Yeah, maybe you're right.

I think I remember reading that PureFTPd supported encryption, probably using TLS or something.

I can't remember

Has anyone tried it?
MooktaKiNG
Guru


Joined: 11 Nov 2002
Posts: 326
Location: London, UK

Posted: Wed Apr 14, 2004 10:35 pm

Oh, and I much prefer something like PureFTPd.

This way I can put limits on uploads etc.
All times are GMT