HPE Community
Operating System - HP-UX
1753464 Members
4981 Online
108794 Solutions
New Discussion юеВ

2 psftp questions - /usr/bin/false & SCO unix.

 
SOLVED
Go to solution
Tim O'Connell
Regular Advisor

тАО02-27-2008 03:33 AM

тАО02-27-2008 03:33 AM

2 psftp questions - /usr/bin/false & SCO unix.

Hi All,

I have just installed SSH on my RP5430 HPUX 11i box. I have currently 1 ftp restricted user who is only allowed to ftp to a chrooted directory & uses /usr/bin/false. This has worked fine for the past couple of years but now I need to disable ftp/telnet & use putty/psftp. This restricted user is set up with a shell /usr/bin/false but this doesn't work with psftf as it needs a "proper" shell. Anyone recommend a good way to keep the user restricted to the one directory only but allow psftp.

Also, one of our sites has a SCO UNIX-SVR5 box which ftp's to the HPUX server every day. Anyone know if PSFTP is available for SCO.

Many Thanks,

Tim

0 Kudos
6 REPLIES 6
OldSchool
Honored Contributor

тАО02-27-2008 07:31 AM

тАО02-27-2008 07:31 AM

Re: 2 psftp questions - /usr/bin/false & SCO unix.

O've nothing on the first question (restricted user)

PSFTP is PuTTY's implementation of sftp. Installing ssh / sftp on the SCO box should be sufficient I would think. Might have to build from source code however (I haven't seen / touched SCO in over a decade, so I've no resources to check)
0 Kudos
Peter Nikitka
Honored Contributor

тАО02-27-2008 08:06 AM

тАО02-27-2008 08:06 AM

Re: 2 psftp questions - /usr/bin/false & SCO unix.

Hi,

1) you can try to add /usr/bin/false to /etc/shells (see 'man shells').

2) I your OpenServer version is 5.0.7 or later, there was (is?) an official version available - perhaps on one of the 'skunkware CD'.
For prior versions, you can look here:
http://www.aljex.com/bkw/sco/

You need a 'perl' for a succesful 'make install', which may not be available.

If there is no perl, produce the output file (ignore the man page stuff) under HP-UX, put it into the dist-tree an use
make install PERL=/bin/true

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
TTr
Honored Contributor

тАО02-27-2008 10:29 AM

тАО02-27-2008 10:29 AM

Solution

Re: 2 psftp questions - /usr/bin/false & SCO unix.

The psftp from the client goes through sshd on the server and sshd does not obey /usr/bin/false.

SSH provides and equivalent to use as a shell in /etc/passwd, it is /opt/ssh/libexec/sftp-server. No need to add it to /etc/shells either. This is for sftp setup only.

For chroot sftp use the utility script /opt/ssh/utils/ssh_chroot_setup.sh, it does a good job setting it up.
0 Kudos
TTr
Honored Contributor

тАО02-27-2008 10:48 AM

тАО02-27-2008 10:48 AM

Re: 2 psftp questions - /usr/bin/false & SCO unix.

The ssh-chroot_setup.sh is available after a certain ssh version so if you don't have it, you should get a newer ssh from the HP software web site.
0 Kudos
Peter Nikitka
Honored Contributor

тАО02-27-2008 11:16 AM

тАО02-27-2008 11:16 AM

Re: 2 psftp questions - /usr/bin/false & SCO unix.

Hi,

I forgot to add, that the SCO information refers to OpenSSH 3.5p1 .

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Tim O'Connell
Regular Advisor

тАО03-03-2008 04:43 AM

тАО03-03-2008 04:43 AM

Re: 2 psftp questions - /usr/bin/false & SCO unix.

Many Thanks - problem resolved re /usr/bin/false & chroot. Must download a version of psftf for unix & see if I can get it working on SCO.

Many Thanks,

Tim
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.