RE: [Nolug] ProFTPD help

From: John Souvestre <johns_at_sstar.com>
Date: Tue, 9 Oct 2007 09:08:41 -0500
Message-ID: <008d01c80a7d$e57f3cd0$0d01010a@JohnS>

Hi Dustin.

SSH's SFTP. From what I gather, ProFTPD uses the OpenSSL/SSH stuff, thus there
needs to be a login shell which allows access to them. Even if you have a shell
which allows access to just them, you still need to CHROOT the shell else the
user can SFTP all over the place.

John

    John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com

> -----Original Message-----
> From: owner-nolug@covington.redfishnetworks.com [mailto:owner-nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
> Sent: Tuesday, October 09, 2007 9:00 AM
> To: nolug@nolug.org
> Subject: Re: [Nolug] ProFTPD help
>
> No, I think you can do it. First, to clarify, do you mean FTP over SSL
> or SSH's sftp?
>
> If you mean SSH's sftp, then I believe you can modify
> ~/.ssh/authorized_keys to specify the exact command a user with a given
> public key can use. This should allow you to restrict them to only sftp.
>
> I'm sure there are other tricks. So, if you don't want to require the
> use of keys, then I'm sure a little login trickery could be done.
>
> --
> Puryear Information Technology, LLC
> Baton Rouge, LA * 225-706-8414
> http://www.puryear-it.com
>
> Author, "Best Practices for Managing Linux and UNIX Servers"
> http://www.puryear-it.com/pubs/linux-unix-best-practices
>
> Identity Management, LDAP, and Linux Integration
>
>
> John Souvestre wrote:
> > Hi Dustin.
> >
> > Yep. :)
> >
> > About the only thing I wasn't able to accomplish was to support SFTP. From what
> > I gather the user needs shell access to accomplish this. But we don't want to
> > give them shell access, just FTP.
> >
> > I did read about some commercial solutions (ssh2, WS-FTP server w/ ssh) but they
> > cost more than we would like. Rssh is an option in those cases where the
> > customer really needs it, but it is a bit messy.
> >
> > Oh well, you can't have everything! :)
> >
> > John
> >
> > John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com
> >
> >
> > > -----Original Message-----
> > > From: owner-nolug@covington.redfishnetworks.com [mailto:owner-nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
> > > Sent: Tuesday, October 09, 2007 8:34 AM
> > > To: nolug@nolug.org
> > > Subject: Re: [Nolug] ProFTPD help
> > >
> > > No problem. Glad you got it resolved. So what was the problem? :)
> > >
> > >
> > > John Souvestre wrote:
> > > > Hi Dustin.
> > > >
> > > > Yes, I've pretty well got it worked out. Thanks!
> > > >
> > > > John
> > > >
> > > > John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com
> > > >
> > > > > -----Original Message-----
> > > > > From: owner-nolug@covington.redfishnetworks.com [mailto:owner-nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
> > > > > Sent: Monday, October 08, 2007 9:02 PM
> > > > > To: nolug@nolug.org
> > > > > Subject: Re: [Nolug] ProFTPD help
> > > > >
> > > > > Hi John. I'll be sure to give you a ring tomorrow, but it's a tad late
> > > > > to do so now. Did you get this resolved?
> > > > >
> > > > >
> > > > > John Souvestre wrote:
> > > > > > Hi all.
> > > > > >
> > > > > > I'm having some trouble getting ProFTPD set up the way I need it. Since I have a
> > > > > > customer pushing me to get it done, and I don't have the time to research it
> > > > > > properly, I'm interested in paying for some consulting time if there is anyone
> > > > > > who could assist me.
> > > > > >
> > > > > > I need help getting file and directory permissions set correctly, setting
> > > > > > different options (overwrite, read, etc...) for different users, SFTP with no
> > > > > > shell access, and a few other things.
> > > > > >
> > > > > > If you can help please give me a call at 504-258-6247 (cell).
> > > > > >
> > > > > > Thanks!
> > > > > >
> > > > > > John
> > > > > >
> > > > > > John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com
> > > > > >
> > > > > >
> > > > > >
> > > > > > ___________________
> > > > > > Nolug mailing list
> > > > > > nolug@nolug.org

Received on 10/09/07

This archive was generated by hypermail 2.2.0 : 12/19/08 EST
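
The authorized_keys approach suggested in the quoted reply, shown as an added example (not code from the thread): a Python check that reads authorized_keys lines and reports keys that are not pinned to an SFTP server with PTY and forwarding turned off. The sftp-server path, the `KEY` placeholder and the sample entries are assumptions constructed for illustration.

```python
import re

# Key-type tokens that start the key field when a line carries no options.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# Assumed sftp server names; the binary path differs between distributions.
SFTP_COMMANDS = {"internal-sftp", "/usr/lib/openssh/sftp-server"}
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
REENABLE = {"pty", "port-forwarding", "agent-forwarding", "x11-forwarding"}

def split_unquoted(text, seps):
    """Split text at separator characters that sit outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return parts + [cur]

def audit_line(line):
    """Return the findings for one authorized_keys line (empty list = restricted)."""
    fields = [f for f in split_unquoted(line.strip(), " \t") if f]
    if not fields or fields[0].startswith("#"):
        return []
    if KEY_TYPE.match(fields[0]):
        return ["no options: key is not limited to sftp"]
    pairs = (item.partition("=") for item in split_unquoted(fields[0], ","))
    opts = {name.lower(): value.strip('"') for name, _, value in pairs}
    findings = []
    cmd = opts.get("command", "").split()  # only the program name is compared
    if not cmd:
        findings.append("no forced command")
    elif cmd[0] not in SFTP_COMMANDS:
        findings.append("forced command is not an sftp server: " + cmd[0])
    if "restrict" in opts:
        findings += ["restrict undone by " + o for o in sorted(REENABLE & set(opts))]
    elif LOCKDOWN - set(opts):
        findings.append("missing " + ", ".join(sorted(LOCKDOWN - set(opts))))
    return findings

# Constructed sample entries; KEY stands in for the base64 key blob.
SAMPLE = [
    'command="internal-sftp",restrict ssh-ed25519 KEY alice@example',
    'ssh-rsa KEY carol@example',
    'command="/bin/sh -c \\"id, date\\"",restrict,pty ssh-rsa KEY dave@example',
]
```

A forced command limits what a key can run, not which directories the session can reach, so the chroot point raised at the top of the thread has to be handled separately.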