- Access control on sftp
06-15-2005 11:03 AM
I want to put IP and user restrictions on an SFTP and FTP server. The OS is Fedora Core 2.
06-15-2005 11:17 AM
Re: Access control on sftp
You can either firewall port 21 out, or use the '/etc/hosts.allow' / '/etc/hosts.deny' tcp wrappers.
'sftp', however, is a different beast altogether. As it's basically just an FTP interface to 'ssh', restricting IP addresses would also restrict them in using 'ssh'. If that's ok, then it's the same. Firewall port 22 out, or add tcpwrapper entries.
i.e.
/etc/hosts.deny:
vsftpd: ALL
/etc/hosts.allow:
vsftpd:
See 'man hosts_access' for more details on how TCP wrappers work.
06-15-2005 04:09 PM
The problem there is even if you trap the ctrl-c or ctrl-break keystroke there may be ways for your users to break out.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
06-15-2005 04:40 PM
Re: Access control on sftp
So I guess clarification is in order.
Do you want to put restrictions on your users FTPing out of your server?
Or restrictions on users accessing your server?
06-15-2005 05:27 PM
Re: Access control on sftp
Can you please be more specific? As Stuart mentioned, it is not very clear what your objective is.
* If you want to block IP access to your FTP server, then you can do so with the hosts access lists (/etc/hosts.allow and /etc/hosts.deny) or by using the iptables firewall. You can do the same to deny sftp access.
* If you want to deny access to particular user logins through FTP, then you can do so by adding the login IDs in /etc/vsftpd/ftpusers
I am not sure about sftp though.
Regards,
Gopi
06-15-2005 06:32 PM
Re: Access control on sftp
06-15-2005 06:39 PM
Re: Access control on sftp
As for restricting what users can FTP in, that's different.
I don't believe 'sftp' (via ssh) can do such restrictions, but 'vsftpd' most certainly can in the '/etc/vsftpd/vsftpd.conf'.
06-15-2005 06:45 PM
Re: Access control on sftp
So what I have told you holds true. Use /etc/hosts.allow and /etc/hosts.deny for access restriction based on IP address, or you can use iptables to block the port.
And if you want to restrict users by login ID, then you can do so by adding them in /etc/vsftpd/ftpusers
Hope this helps,
Gopi
06-21-2005 10:42 AM
Re: Access control on sftp
Also, you can modify the /etc/pam.d/sshd pam file and stack pam_listfile.so
auth required pam_listfile.so item=user sense=deny file=/etc/sftpusers onerr=succeed
This should do the job.
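An added example, not part of the original post: a Python sketch that parses the pam_listfile line above, models its deny-list decision, and reports two things worth checking before relying on it. It assumes sshd runs the PAM auth stack only for password and keyboard-interactive logins, and that pam_listfile returns its `onerr` value when the list file cannot be opened; the user names are constructed.

```python
import os

# The PAM line from the post, as a single line in /etc/pam.d/sshd.
PAM_SSHD = ("auth required pam_listfile.so item=user sense=deny "
            "file=/etc/sftpusers onerr=succeed\n")

def parse_listfile_entries(pam_text):
    """Return one dict per pam_listfile.so line: stack type plus key=value options."""
    entries = []
    for line in pam_text.replace("\\\n", " ").splitlines():
        parts = line.split("#", 1)[0].split()
        idx = next((i for i, p in enumerate(parts)
                    if os.path.basename(p) == "pam_listfile.so"), None)
        if idx is None or idx < 2:
            continue
        opts = dict(p.split("=", 1) for p in parts[idx + 1:] if "=" in p)
        entries.append({"type": parts[0].lstrip("-"), **opts})
    return entries

def login_permitted(entry, user, listed_users):
    """Model item=user; listed_users is None when the list file cannot be opened."""
    if listed_users is None:
        return entry.get("onerr", "fail") == "succeed"
    listed = user in listed_users
    return not listed if entry.get("sense") == "deny" else listed

def audit(entries):
    """Return short findings for the parsed pam_listfile entries."""
    findings = []
    for e in entries:
        if e.get("sense") == "deny" and e.get("onerr") == "succeed":
            findings.append("fail-open: a missing %s lets every user through"
                            % e.get("file"))
    if entries and not any(e["type"] == "account" for e in entries):
        findings.append("auth-only: public-key logins never reach this deny list")
    return findings

if __name__ == "__main__":
    entry = parse_listfile_entries(PAM_SSHD)[0]
    blocked = {"alice"}                      # constructed contents of the list file
    for user in ("alice", "bob"):
        print(user, login_permitted(entry, user, blocked))
    print("file missing:", login_permitted(entry, "alice", None))
    print("\n".join(audit([entry])))
```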