- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: ftponly user
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 12:55 PM
тАО09-25-2009 12:55 PM
ftponly user
I have created a user only for ftp access ,no shell access.Its worked fine.
But when i trying to ssh got below message.
>ssh pavan@UAEDXBPDCAPPP01
The authenticity of host 'uaedxbpdcappp01 (10.11.10.15)' can't be established.
RSA key fingerprint is d5:26:c4:f0:7e:7c:e4:dc:da:bd:7e:64:a0:6b:26:39.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'uaedxbpdcappp01' (RSA) to the list of known hosts.
Password:
Password:
Last login: Sat Sep 26 00:42:29 2009 from UAEDXBPDCAPPP01
/usr/bin/false: No such file or directory
Connection to UAEDXBPDCAPPP01 closed.
why this showing
Please suggest
regards
himacs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 02:03 PM
тАО09-25-2009 02:03 PM
Re: ftponly user
> ,no shell access. [...]
So why would you expect SSH to work using
an FTP-only account? What do you think that
"only" means?
"SSH" = "Secure SHell".
"no shell access"
"ssh"
Think about it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 04:50 PM
тАО09-25-2009 04:50 PM
Re: ftponly user
Hi Steven,
Actually my concern is abt password.If anybody tries the ssh with the same user,is there any chance password locking ,since its not accept password.
And why this showing
Please advice..
Regards
himacs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 07:53 PM
тАО09-25-2009 07:53 PM
Re: ftponly user
> [...]
Good question. It might be best to disable
SSH access (or, at least password
authentication) for this user. I know
nothing, but I'd guess that this could be
done in the server's SSH config files. It
might also be possible in the user's SSH
client config files, but the user might be
able to FTP in a change to those.
> [...] /usr/bin/false: No such file or
> directory [...]
I don't know that, either, but it may be
simply a poor message. It sure can't use
that shell the way it can use a normal shell,
so I'd guess that it gets a failure of some
kind when it tries.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2009 12:38 AM
тАО09-26-2009 12:38 AM
Re: ftponly user
> I have created a user only for ftp access ,no shell access.Its worked fine
Actually, ftp only account is a misnomer. All it reduces to is a user account on the system with /usr/bin/false as shell or similar, to avoid successful login of this user using login, r*, ...
> is there any chance password locking
Yes, actually if you have enforced a max number of authentication tries (man 4 security - AUTH_MAXTRIES) ssh login failures are counted too (man 5 pam_hpsec).
> /usr/bin/false: No such file or directory
As pointed out, an ftp only user is still a valid user account but with /usr/bin/false as login shell, which will prevent access.
You can avoid ssh failed authentication attempts from being counted by denying access to specific users.
As already suggested by Steven Schweda, this can be done in the sshd_config file:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1373872
Kind regards,
Kobylka