RE: [Nolug] ProFTPD help

From: John Souvestre <johns_at_sstar.com>
Date: Tue, 9 Oct 2007 09:37:03 -0500
Message-ID: <001501c80a81$dbbe9b60$0d01010a@JohnS>

Hi Dustin.

I didn't look into the FTP SSL setup, but if ProFTPD does support it I'd be
willing to bet that it uses OpenSSL to accomplish it.

John

    John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com

> -----Original Message-----
> From: owner-nolug@covington.redfishnetworks.com
> [mailto:owner-nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
> Sent: Tuesday, October 09, 2007 9:16 AM
> To: nolug@nolug.org
> Subject: Re: [Nolug] ProFTPD help
>
> Something just doesn't sound right. I would think that ProFTPD is doing
> FTP over SSL, not SSH's sftp.
>
> --
> Puryear Information Technology, LLC
> Baton Rouge, LA * 225-706-8414
> http://www.puryear-it.com
>
> Author, "Best Practices for Managing Linux and UNIX Servers"
> http://www.puryear-it.com/pubs/linux-unix-best-practices
>
> Identity Management, LDAP, and Linux Integration
>
>
> John Souvestre wrote:
> > Hi Dustin.
> >
> > SSH's SFTP. From what I gather, ProFTPD uses the OpenSSL/SSH stuff, thus there
> > needs to be a login shell which allows access to them. Even if you have a shell
> > which allows access to just them, you still need to CHROOT the shell else the
> > user can SFTP all over the place.
> >
> > John
> >
> > John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com
> >
> >
> > > -----Original Message-----
> > > From: owner-nolug@covington.redfishnetworks.com
> > > [mailto:owner-nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
> > > Sent: Tuesday, October 09, 2007 9:00 AM
> > > To: nolug@nolug.org
> > > Subject: Re: [Nolug] ProFTPD help
> > >
> > > No, I think you can do it. First, to clarify, do you mean FTP over SSL
> > > or SSH's sftp?
> > >
> > > If you mean SSH's sftp, then I believe you can modify
> > > ~/.ssh/authorized_keys to specify the exact command a user with a given
> > > public key can use. This should allow you to restrict them to only sftp.
> > >
> > > I'm sure there are other tricks. So, if you don't want to require the
> > > use of keys, then I'm sure a little login trickery could be done.
> > >
> > > --
> > > Puryear Information Technology, LLC
> > > Baton Rouge, LA * 225-706-8414
> > > http://www.puryear-it.com
> > >
> > > Author, "Best Practices for Managing Linux and UNIX Servers"
> > > http://www.puryear-it.com/pubs/linux-unix-best-practices
> > >
> > > Identity Management, LDAP, and Linux Integration
> > >
> > >
> > > John Souvestre wrote:
> > > > Hi Dustin.
> > > >
> > > > Yep. :)
> > > >
> > > > > About the only thing I wasn't able to accomplish was to support SFTP. From what
> > > > > I gather the user needs shell access to accomplish this. But we don't want to
> > > > > give them shell access, just FTP.
> > > > >
> > > > > I did read about some commercial solutions (ssh2, WS-FTP server w/ ssh) but they
> > > > > cost more than we would like. Rssh is an option in those cases where the
> > > > > customer really needs it, but it is a bit messy.
> > > > >
> > > > > Oh well, you can't have everything! :)
> > > > >
> > > > > John
> > > > >
> > > > > John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: owner-nolug@covington.redfishnetworks.com
> > > > > [mailto:owner-nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
> > > > > Sent: Tuesday, October 09, 2007 8:34 AM
> > > > > To: nolug@nolug.org
> > > > > Subject: Re: [Nolug] ProFTPD help
> > > > >
> > > > > No problem. Glad you got it resolved. So what was the problem? :)
> > > > >
> > > > > --
> > > > > Puryear Information Technology, LLC
> > > > > Baton Rouge, LA * 225-706-8414
> > > > > http://www.puryear-it.com
> > > > >
> > > > > Author, "Best Practices for Managing Linux and UNIX Servers"
> > > > > http://www.puryear-it.com/pubs/linux-unix-best-practices
> > > > >
> > > > > Identity Management, LDAP, and Linux Integration
> > > > >
> > > > >
> > > > > John Souvestre wrote:
> > > > > > Hi Dustin.
> > > > > >
> > > > > > Yes, I've pretty well got it worked out. Thanks!
> > > > > >
> > > > > > John
> > > > > >
> > > > > > > John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > > From: owner-nolug@covington.redfishnetworks.com
> > > > > > > > [mailto:owner-nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
> > > > > > > Sent: Monday, October 08, 2007 9:02 PM
> > > > > > > To: nolug@nolug.org
> > > > > > > Subject: Re: [Nolug] ProFTPD help
> > > > > > >
> > > > > > > > Hi John. I'll be sure to give you a ring tomorrow, but it's a tad late
> > > > > > > > to do so now. Did you get this resolved?
> > > > > > >
> > > > > > > --
> > > > > > > Puryear Information Technology, LLC
> > > > > > > Baton Rouge, LA * 225-706-8414
> > > > > > > http://www.puryear-it.com
> > > > > > >
> > > > > > > Author, "Best Practices for Managing Linux and UNIX Servers"
> > > > > > > http://www.puryear-it.com/pubs/linux-unix-best-practices
> > > > > > >
> > > > > > > Identity Management, LDAP, and Linux Integration
> > > > > > >
> > > > > > >
> > > > > > > John Souvestre wrote:
> > > > > > > > Hi all.
> > > > > > > >
> > > > > > > > > I'm having some trouble getting ProFTPD set up the way I need it. Since I have a
> > > > > > > > > customer pushing me to get it done, and I don't have the time to research it
> > > > > > > > > properly, I'm interested in paying for some consulting time if there is anyone
> > > > > > > > > who could assist me.
> > > > > > > > >
> > > > > > > > > I need help getting file and directory permissions set correctly, setting
> > > > > > > > > different options (overwrite, read, etc...) for different users, SFTP with no
> > > > > > > > > shell access, and a few other things.
> > > > > > > > >
> > > > > > > > > If you can help please give me a call at 504-258-6247 (cell).
> > > > > > > > >
> > > > > > > > > Thanks!
> > > > > > > > >
> > > > > > > > > John
> > > > > > > > >
> > > > > > > > > John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > ___________________
> > > > > > > > Nolug mailing list
> > > > > > > > nolug@nolug.org

___________________
Nolug mailing list
nolug@nolug.org
Received on 10/09/07
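
The authorized_keys restriction suggested in the quoted thread can be checked mechanically. The following is an added example, not part of the original messages: it parses the options field of each authorized_keys entry and reports why a key is not limited to SFTP. The option names are those of current OpenSSH sshd(8); the sftp-server path and the sample entries are assumptions constructed for illustration.

```python
# A line that starts with a key type has no options field (sshd(8), authorized_keys format).
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
SFTP_COMMANDS = {"internal-sftp", "/usr/lib/openssh/sftp-server"}  # path is an assumed default
REENABLE = {"pty", "port-forwarding", "agent-forwarding", "x11-forwarding"}  # undo "restrict"
LOCKDOWN = {"no-" + o for o in REENABLE}

def split_options(line):
    """Return (options, key_field) for one entry, honouring quoted option values."""
    if line.startswith(KEY_TYPES):
        return {}, line
    opts, name, buf, quoted = {}, None, "", False
    chars = iter(enumerate(line))
    for i, ch in chars:
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf += next(chars)[1]              # \" is a literal quote inside a value
        elif ch == '"':
            quoted = not quoted
        elif not quoted and ch == "=" and name is None:
            name, buf = buf, ""
        elif not quoted and ch in ", \t":
            opts[(name or buf).lower()] = buf if name else True
            name, buf = None, ""
            if ch != ",":                      # whitespace ends the options field
                return opts, line[i:].strip()
        else:
            buf += ch
    raise ValueError("entry has no key field")

def audit(line):
    """List why a key is not limited to SFTP; an empty list means it is."""
    opts, _ = split_options(line.strip())
    cmd, seen, findings = opts.get("command"), set(opts), []
    argv0 = cmd.split()[:1] if isinstance(cmd, str) else []
    if cmd is None:
        findings.append("no forced command: key gets the login shell")
    elif not argv0 or argv0[0] not in SFTP_COMMANDS:
        findings.append(f"forced command is not an SFTP server: {cmd}")
    if "restrict" in seen:
        findings += [f"re-enables {o}" for o in sorted(REENABLE & seen)]
    else:
        findings += [f"missing {o}" for o in sorted(LOCKDOWN - seen)]
    return findings

# Constructed sample entries (key blobs are placeholders, not real keys).
SAMPLES = [
    'ssh-ed25519 AAAAC3PLACEHOLDER alice@example',
    'command="internal-sftp",restrict ssh-ed25519 AAAAC3PLACEHOLDER bob@example',
    'command="/usr/bin/rsync --server",no-pty ssh-rsa AAAAB3PLACEHOLDER carol@example',
    'restrict,pty,command="internal-sftp" ssh-ed25519 AAAAC3PLACEHOLDER dave@example',
]
```

A forced command limits what runs, not where in the filesystem the user can reach, which is the chroot concern raised in the thread.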

This archive was generated by hypermail 2.2.0 : 12/19/08 EST