
ftp login

Chakravarthi
Trusted Contributor

ftp login

hi,

I want to create an account on a Red Hat Linux box which is used only for ftp (wu-ftp) purposes, and I should not be able to log in using telnet or ssh with this login.

please give suggestions.

regards
chakri
8 REPLIES 8
kcpant
Trusted Contributor

Re: ftp login

hi,

You can edit the allow & deny entries of the services to which you want to give or restrict access for a specific user.
PreSales Specialist
Ivan Ferreira
Honored Contributor

Re: ftp login

Use /bin/false or /sbin/nologin as the user shell (depends on which one exists on your system). Ensure that the shell selected is included in /etc/shells.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Alexander Chuzhoy
Honored Contributor

Re: ftp login

Use useradd -s /sbin/nologin "username"
when you create users for FTP logins.
Chakravarthi
Trusted Contributor

Re: ftp login

hi,

Sorry, I forgot to mention that I'm using sftp, not ftp, and the given solution is not working for sftp.

any more suggestions?

-chakri
Ajay Agarwal
Frequent Advisor

Re: ftp login

You can create an ftpuser minus shell. Check out the details at the following url:

http://www.linux.com/guides/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap29sec295.shtml
Sergejs Svitnevs
Honored Contributor
Solution

Re: ftp login

You should build a chrooted environment for sftp, create a new user and change their shell to restricted ssh.

Check out the following link:
http://gentoo-wiki.com/HOWTO_SFTP_Server_(chrooted,_without_shell)

Regards,
Sergejs
Ivan Ferreira
Honored Contributor

Re: ftp login

You said wu-ftpd first, but anyway, to do that, you must use public key authentication.

After you created your public key pairs, copy id_dsa.pub to the remote host in $HOME/.ssh/authorized_keys. Once you get public key authentication working, edit the authorized_keys file and add the command= option before the key, like this:

command="/usr/local/sbin/ssh-dummy-shell" ssh-dss AAAASDF.....


Create the ssh-dummy-shell script:

#!/bin/sh
# Run sftp-server only when the client requested it; refuse anything else.
if [ "$SSH_ORIGINAL_COMMAND" = "/usr/libexec/openssh/sftp-server" ]
then
    /usr/libexec/openssh/sftp-server
else
    echo "Restricted"
fi

Change the permissions to the file

chmod 755 /usr/local/sbin/ssh-dummy-shell

Have fun.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
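
The command= restriction described in the reply above only protects keys that actually carry it, so it is worth checking every line of an authorized_keys file. The script below is an added example, not part of the original thread: the function name audit_authorized_keys, the sample key strings and the FORCED/OPEN labels are constructed for illustration, and it assumes a line beginning with ssh-, ecdsa- or sk- has no options field.

```shell
#!/bin/sh
# Added example: list which keys in an authorized_keys file carry a forced command.
# Assumption: a line that starts with ssh-, ecdsa- or sk- has no options field.
audit_authorized_keys() {
    awk '
    # Options field of a key line; empty when the line starts with the key type.
    function options(line,    i, c, inq, out) {
        if (line ~ /^(ssh-|ecdsa-|sk-)/) return ""
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\\" && inq) { out = out c substr(line, i + 1, 1); i++; continue }
            if (c == "\"") inq = !inq
            if ((c == " " || c == "\t") && !inq) break
            out = out c
        }
        return out
    }
    # 1 when command="..." is an option of its own, not text inside a quoted value.
    function has_forced(opts,    i, c, inq, start) {
        start = 1
        for (i = 1; i <= length(opts); i++) {
            c = substr(opts, i, 1)
            if (c == "\\" && inq) { i++; continue }
            if (c == "\"") inq = !inq
            if (start && tolower(substr(opts, i, 9)) == "command=\"") return 1
            start = (c == "," && !inq)
        }
        return 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        sub(/^[ \t]+/, "")
        if (has_forced(options($0))) print "FORCED line " NR
        else { print "OPEN line " NR; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample (placeholder key material, not real keys).
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="/usr/local/sbin/ssh-dummy-shell" ssh-dss AAAAEXAMPLE1 user1
ssh-rsa AAAAEXAMPLE2 user2
from="10.0.0.1,command=\"x\"" ssh-rsa AAAAEXAMPLE3 user3
no-pty,command="/usr/local/sbin/ssh-dummy-shell" ssh-rsa AAAAEXAMPLE4 user4
EOF
audit_authorized_keys "$sample" || echo "at least one key has no forced command"
rm -f "$sample"
```

The function exits non-zero when any key line is reported as OPEN, so it can be used as a check in a provisioning script.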
Chakravarthi
Trusted Contributor

Re: ftp login

Thank you all for the response
-chakri