Operating System - HP-UX

Re: SFTP with /usr/bin/false or /sbin/false

 
Ivan_86
Frequent Advisor

SFTP with /usr/bin/false or /sbin/false

Hi,
I configured SFTP with a chroot jail on the L2000 with 11i v1.

I want to create an SFTP user. I created the user with /usr/bin/false as the user's shell. When I tested the connection using sftp, it didn't work. If I change the shell to /bin/sh, i.e. a normal shell, it works. It only works with /bin/sh,
but I need to have a user who can do FTP only and who can't connect via login.

I also configured the file /etc/shells; this file contains the following:
# more /etc/shells
/usr/bin/sh
/usr/bin/ksh
/usr/bin/csh
/sbin/sh
/usr/bin/false
/sbin/false

In inetd.conf I configured the following line:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a 022

The entry of the user in the passwd is this:

appuser:V/ZjljOq236MU:121:20:Prueba usuario SFTP:/newroot/./home/appuser:/bin/fa
lse

Please, can I have a suggestion?


regards
Joseph C. Denman
Honored Contributor

Re: SFTP with /usr/bin/false or /sbin/false

Be sure to add /usr/bin/false to /etc/shells


...jcd...
If I had only read the instructions first??
Ivan_86
Frequent Advisor

Re: SFTP with /usr/bin/false or /sbin/false

Yes, I am sure.

# more /etc/shells
/usr/bin/sh
/usr/bin/ksh
/usr/bin/csh
/sbin/sh
/usr/bin/false
/sbin/false
Joseph C. Denman
Honored Contributor

Re: SFTP with /usr/bin/false or /sbin/false

Looks like the entry in the passwd file is /bin/fa ???? It should be /usr/bin/false.

...jcd...
If I had only read the instructions first??
Darrel Louis
Honored Contributor

Re: SFTP with /usr/bin/false or /sbin/false

Hi,

FTP and SFTP are making use of two different protocols.
SFTP won't make use of /etc/ftpd/ftpaccess file.
Both should work, but we're making use of /usr/bin/false.
What are you really using, ftp or sftp?

Darrel
Ivan_86
Frequent Advisor

Re: SFTP with /usr/bin/false or /sbin/false

Thanks for your response.

Darrel, I use SFTP

Joseph, the line is a bad copy:
appuser:V/ZjljOq236MU:121:20:Prueba usuario SFTP:/newroot/./home/appuser:/bin/false
Joseph C. Denman
Honored Contributor

Re: SFTP with /usr/bin/false or /sbin/false

You don't have /bin/false in /etc/shells.

...jcd...
If I had only read the instructions first??
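The /etc/shells check raised in the replies above, as an added example that is not part of any poster's message: it compares the shell field of a passwd entry with the lines of a shells file by exact string match. The function names and the temporary sample files are assumptions made for the example; the sample data is constructed from the thread, with the password field replaced by "*".

```shell
#!/bin/sh
# Added example: compare a user's login shell in a passwd-format file
# with the entries of an /etc/shells-format file (exact string match).

# Print the 7th (shell) field of USER's entry; exit status 1 if no entry.
passwd_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$2"
}

# Return 0 if SHELL_PATH is a whole line of SHELLS_FILE, 1 otherwise.
# Comments and trailing blanks in the shells file are ignored.
shell_is_listed() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$2" | grep -Fqx -- "$1"
}

# Report on USER: 0 = shell listed, 1 = shell not listed, 2 = no such user.
check_login_shell() {
    user=$1 passwd_file=$2 shells_file=$3
    shell=$(passwd_shell "$user" "$passwd_file") || {
        echo "$user: no entry in $passwd_file"; return 2; }
    if shell_is_listed "$shell" "$shells_file"; then
        echo "$user: shell $shell is listed in $shells_file"; return 0
    fi
    echo "$user: shell $shell is NOT listed in $shells_file"
    return 1
}

# Constructed sample files modelled on the thread (not read from the system).
demo_dir=${TMPDIR:-/tmp}/shellcheck.$$
mkdir -p "$demo_dir"
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
appuser:*:121:20:Prueba usuario SFTP:/newroot/./home/appuser:/bin/false
EOF
cat > "$demo_dir/shells" <<'EOF'
/usr/bin/sh
/usr/bin/ksh
/usr/bin/csh
/sbin/sh
/usr/bin/false
/sbin/false
EOF
check_login_shell appuser "$demo_dir/passwd" "$demo_dir/shells" || true
```

To run it against a live system, call `check_login_shell appuser /etc/passwd /etc/shells` instead of the sample files.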
Darrel Louis
Honored Contributor

Re: SFTP with /usr/bin/false or /sbin/false

Ivan,

It works as it should, if you try to ftp to the server, with /usr/bin/false, you can ftp your data.

This is what I get:
$ scp score_tool-hpux.sh hosta:
lost connection
$ ssh hosta
Last login: Wed Jun 7 19:07:07 2006 from hostb
Connection to acen51 closed.

Darrel
Ivan_86
Frequent Advisor

Re: SFTP with /usr/bin/false or /sbin/false


I added /bin/false to /etc/shells

# more /etc/shells
/usr/bin/sh
/usr/bin/ksh
/usr/bin/csh
/sbin/sh
/usr/bin/false
/sbin/false
/bin/false

The user in the passwd is :

appuser:V/ZjljOq236MU:121:20:Prueba usuario SFTP:/newroot/./home/appuser:/bin/false

When I try to connect, it shows this:

# sftp -oPort=9378 appuser@10.199.11.138
Connecting to 10.199.11.138...
Password:
Connection closed
Darrel Louis
Honored Contributor

Re: SFTP with /usr/bin/false or /sbin/false

Ivan,

Try ftp
Check what the results are.
Sftp is using the same protocol/port as ssh.

Darrel
Joseph C. Denman
Honored Contributor

Re: SFTP with /usr/bin/false or /sbin/false

Hmmm.... Does sftp require a shell when logging in????? As Darrel stated, try to FTP to the system and post your result.

...jcd...
If I had only read the instructions first??