?
Solved

Linux security: limiting FTP users from logging in with telnet/ssh

Posted on 2001-06-12
3
Medium Priority
?
292 Views
Last Modified: 2010-03-18
Hi there,

I have a linux 6.2 box, for web hosting, and I am using proFTP for users to access their account. Each account is listed as a system user.

I am not wanting to provide shell access via telnet or SSH to any client, but have SSH available for my own login.

I am wondering if there is a location within SSH where I can allow only one login name (I have already disabled root login in SSH) to be able to access the system.

Any tips on this?

Thanks!
0
Comment
Question by:rapidhost
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Haho earned 150 total points
ID: 6184873
to do this,
you should NOT let any ftp users have a valid shell.
for example:

*** ftpweb is a ftp only customer ***

ftpweb:*:1010:400:FTP Account:/home/ftp/ftpweb/./:/etc/ftponly

where upon SSH / telnet login attempts, it will execute "ftponly" script where ftponly script shows a warning message and denies login.

The ftponly script:

#!/bin/sh
#
# ftponly shell
#
trap "/bin/echo Sorry; exit 0" 1 2 3 4 5 6 7 10 15
#
IFS=""
Admin=secure@mydomain.com
#
/bin/echo
/bin/echo "********************************************************************"
/bin/echo "    You are NOT allowed interactive access."
/bin/echo
/bin/echo "     User accounts are restricted to ftp and web access."
/bin/echo
/bin/echo "  Direct questions concerning this policy to $Admin."
/bin/echo "********************************************************************"
/bin/echo
#
# C'ya
#
exit 0
0
 
LVL 1

Expert Comment

by:Haho
ID: 6184880
an added protection is to use tcpwrappers, put SSH into inetd.conf and this will allow IP based authentication in addition to username authentication. :)
0
 

Author Comment

by:rapidhost
ID: 6185535
Thanks to both of you for your suggestions!
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses
Course of the Month10 days, 22 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question