Solved

Securing FTP Servers

Posted on 2006-05-11
Last Modified: 2010-04-20
Hello!

There's a Python script called Hostsdeny which blocks unauthorized login attempts to the SSH server. It allows a certain number of login attempts and then permanently blocks the person's IP or hostname after too many login attempts...

I'm wondering if there's something similar for ProFTP?
0
Question by:Julian Matz
13 Comments
 
LVL 16

Accepted Solution

by:
xDamox earned 1200 total points
ID: 16662002
Hi,

I think you can use a tool called pam_abl; you can enable it on ProFTPD if you compiled ProFTPD with PAM support:

http://www.hexten.net/pam_abl/
0
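The block-after-too-many-failures behaviour asked about in the question, as an added example that is not part of the thread and is not pam_abl's or the SSH script's own code: it counts failed ProFTPD logins per client address and reports the addresses that meet a threshold. Assumptions: the syslog line shape, the `N/period` threshold notation (modelled on the clause form pam_abl rules use; check its documentation), and the hypothetical names `parse_rule`, `failures_by_host` and `blocked_hosts`.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (assumed ProFTPD auth-log shape, not from the thread).
SAMPLE_LOG = """\
May 11 10:00:01 web1 proftpd[2101]: web1 (203.0.113.7[203.0.113.7]) - USER alice (Login failed): Incorrect password.
May 11 10:00:09 web1 proftpd[2101]: web1 (203.0.113.7[203.0.113.7]) - USER admin (Login failed): Incorrect password.
May 11 10:01:30 web1 proftpd[2107]: web1 (203.0.113.7[203.0.113.7]) - USER root (Login failed): Incorrect password.
May 11 10:05:12 web1 proftpd[2110]: web1 (198.51.100.20[198.51.100.20]) - USER bob (Login failed): Incorrect password.
May 11 10:05:40 web1 proftpd[2110]: web1 (198.51.100.20[198.51.100.20]) - USER bob: Login successful.
"""

# Capture the client address from "(name[addr]) - USER x (Login failed)".
FAIL_RE = re.compile(r"\([^\[\]()]*\[([0-9A-Fa-f.:]+)\]\)\s+-\s+USER\s+\S+\s+\(Login failed\)")
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """Turn '3/1h,5/1d' into [(3, 1 hour), (5, 1 day)]."""
    clauses = []
    for clause in rule.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)([smhd])", clause.strip())
        if not m:
            raise ValueError(f"bad clause: {clause!r}")
        clauses.append((int(m[1]), timedelta(seconds=int(m[2]) * UNITS[m[3]])))
    return clauses

def failures_by_host(log_text, year=2006):
    """Map client address -> timestamps of failed logins (syslog omits the year)."""
    hosts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            hosts[m.group(1)].append(ts)
    return hosts

def blocked_hosts(log_text, rule, now):
    """Addresses with at least N failures inside any clause's window ending at `now`."""
    clauses = parse_rule(rule)
    blocked = set()
    for host, times in failures_by_host(log_text).items():
        for limit, window in clauses:
            if sum(1 for t in times if now - window <= t <= now) >= limit:
                blocked.add(host)
    return blocked
```

Because each clause is a sliding window, an address drops off the result once its failures age out, and a single mistyped password from a legitimate user never reaches the threshold.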
 
LVL 34

Expert Comment

by:PsiCop
ID: 16663522
I don't have an answer to your Question, but I do have to wonder why you'd use plain ol' FTP when the SSH suite supports Secure FTP (SFTP).
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 16663568
Yes, I have been planning on looking into SFTP. Can you recommend any good SFTP servers?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 16663588
Open Source/Freeware --> http://www.openssh.org

Commercial Implementation --> http://www.tectia.com

Closed Source/Commercial --> http://www.ssh.com
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 16663644
Ok, I may have misunderstood... I know about SSH, using it as sftp and all that but the problem is I cannot hand out SSH logins to every virtual host on my server. I don't know exactly how it would work, but it would probably need to run on a separate port... Is it possible to simply replace the proftpd server with an sftp server??
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 16663667
Yes. SSH/SFTP will use the same authentication that ProFTPd would have. I'm not sure I understand the difference between handing out ProFTPd logins and SFTP logins.

If you're worried that by giving users SFTP you also give them shell access via SSH, then you can address that quite reasonable concern with rssh (http://www.pizzashack.org/rssh).
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 16663720
Well, on my server it's not possible for FTP users to log in to SSH/SFTP. Basically, an FTP user can only edit or upload files that are located within their home directory or sub-directories and if the FTP user has ownership of these files. It runs chroot-ed.

As far as I know SSH uses /etc/passwd/ for authentication?? but none of the FTP users are listed there...
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 16663750
Ah. The OpenSSH sshd server can use PAM. But yes, lacking that, it uses /etc/passwd
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 16663791
Well, actually I do have PAM, and the SSH config file has 'usePAM yes', so maybe it does use PAM, but I'm not really sure of how PAM actually works...
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 16663809
SFTP is merely an additional service of SSH. It transfers files instead of providing an interactive shell session.
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 16663882
Ya, I know, but I don't know enough about it to be able to offer it to my clients...
For example, I have used sFTP myself, not as root user, just a regular user without privileges, but I was able to skip around all sorts of files and folders. I wasn't able to edit them, but was able to download them. Whereas with FTP, a user cannot leave their home directory... Does this make sense??

I use server admin software similar to Plesk which creates all virtual hosts. On this I can enable SSH access for certain users, but the default is that they have no access to port 22. Just FTP on 21.
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 800 total points
ID: 16664023
Ah, then you need the chroot "helper" in rssh to impose chroot-like functionality on SFTP clients.
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 16895963
Thanks for all your help!
-Julian.
0
