
Secure FTP server

 
Mike Manley
Occasional Contributor

Secure FTP server

Have an S800 HP-UX 11.0 system being set up as a dedicated FTP server. Have converted it to a Trusted System. Unfortunately, after adding a new user, they cannot login (using FTP) until they have Telneted in and changed their password. Is there any simple way to add a new FTP user, assign them a password, and then let them login using FTP only? Or will I have to convert back to an unTrusted System?
4 REPLIES 4
Rita C Workman
Honored Contributor

Re: Secure FTP server

I set up a dedicated server for FTP only access.
First I set the inetd.conf to log everything and to access the ftpaccess file (ftpd stream ~ -l -a) and don't forget to set the netdaemons for this INETD_ARGS I think.
Then I set the /var/adm/inetd.sec to only allow ftp.

Then to get creative I created my users, changed the /etc/passwd file for each user to (chroot) to a sub directory: uid:*::::/home/user/subdir/./:/usr/bin/ksh
Under the user's home directory I created and copied
/home/user/usr/bin/ls from /sbin/ls
/home/usr/usr/bin/pwd from /usr/bin/pwd

Then I copied from /usr/newconfig/etc/ftpd/ftpaccess
to /etc/ftpd/ftpaccess and edited the file according to what I wanted done. Put them all into a sort of guest group with limited rights.

Basically, it's pretty much the same setup as what is mentioned in HP's Installing & Administering Internet Services configuration of an Anonymous FTP - except that I set my ftpaccess file to stop anonymous ftps and only allow actual logins...By doing the above it kept these outside vendors from playing around and limited them to their home directory and only their files. Hope I didn't miss anything, I did this once...awhile back.

regards,
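
An added example, not part of the original replies: a shell audit of the layout described in the reply above (a `/./` marker in each guest's home field, with `ls` and `pwd` copied under the chroot directory). The function name, status strings, guest GID 300 and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit FTP guest accounts for the
# chroot layout described above. Status names and the GID are assumptions.
# Usage: audit_ftp_guests PASSWD_FILE GUEST_GID [ROOT_PREFIX]
# Prints "<user> <findings>" per guest; returns 1 if any account is not OK.
audit_ftp_guests() {
    passwd_file=$1; guest_gid=$2; prefix=${3:-}; rc=0
    while IFS=: read -r user _pw _uid gid _gecos home _shell; do
        [ "$gid" = "$guest_gid" ] || continue      # audit the guest group only
        problems=""
        case $home in
            */./*) jail=${home%%/./*}; start=${home#*/./} ;;
            *) echo "$user NO_CHROOT_MARKER"; rc=1; continue ;;
        esac
        # ls and pwd must be present and executable inside the chroot directory
        for bin in usr/bin/ls usr/bin/pwd; do
            [ -x "$prefix$jail/$bin" ] || problems="$problems MISSING_${bin##*/}"
        done
        # the path after the marker (may be empty) is where the session starts
        [ -d "$prefix$jail/$start" ] || problems="$problems MISSING_START_DIR"
        [ -z "$problems" ] || rc=1
        echo "$user${problems:- OK}"
    done < "$passwd_file"
    return $rc
}

# Constructed sample: a passwd file and directory tree under a temp dir.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/home/vendor1/usr/bin" "$t/home/vendor1/incoming" \
             "$t/home/vendor3"
    for b in ls pwd; do
        : > "$t/home/vendor1/usr/bin/$b"; chmod 755 "$t/home/vendor1/usr/bin/$b"
    done
    cat > "$t/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
vendor1:*:201:300:Vendor One:/home/vendor1/./incoming:/usr/bin/ksh
vendor2:*:202:300:Vendor Two:/home/vendor2:/usr/bin/ksh
vendor3:*:203:300::/home/vendor3/./:/usr/bin/ksh
EOF
    echo "$t"
}

sample=$(make_sample_tree)
audit_ftp_guests "$sample/passwd" 300 "$sample" || true
rm -rf "$sample"
```

On a live system the third argument is omitted so paths are checked from `/`.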
Mike Manley
Occasional Contributor

Re: Secure FTP server

Thanks for the response. I was very paranoid when constructing the server. The system is built following the guide "Building a Bastion Host Using HP-UX 11" by Kevin Steves. However, the Trusted System's methodology for password management (requiring an initial password change by the user) complicates user administration terribly. What I am looking for is a way to add an FTP user account without them having to first Telnet in and change their password.
Maureen Gunkel
Trusted Contributor

Re: Secure FTP server

Greg:
If you are supplying them with the login/password, perhaps you can do the initial login and change their password before notifying them that their account is active.
Just a thought.
No matter where you go, there you are.
Mike Manley
Occasional Contributor

Re: Secure FTP server

Thanks for the input. That thought had crossed my mind. Part of the account setup would be to have the Administrator Telnet in and do the initial password change for them. Short of converting from a Trusted Server to an unTrusted server (which I don't want to do) that seems to be the only answer.