Re: [Nolug] ProFTPD help

From: Dustin Puryear <dustin_at_puryear-it.com>
Date: Tue, 09 Oct 2007 10:17:05 -0500
Message-ID: <470B9B71.3070405@puryear-it.com>

Oh, certainly. :)

--
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com
Author, "Best Practices for Managing Linux and UNIX Servers"
  http://www.puryear-it.com/pubs/linux-unix-best-practices
Identity Management, LDAP, and Linux Integration
John Souvestre wrote:
> Hi Dustin.
> 
> I didn't look into the FTP SSL setup, but if ProFTPD does support it I'd be
> willing to bet that it uses OpenSSL to accomplish it.
> 
> John
> 
>     John Souvestre - Southern Star & Integrated Data Systems - www.sstar.com
> 
> 
>  > -----Original Message-----
>  > From: owner-nolug@covington.redfishnetworks.com [mailto:owner-
>  > nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
>  > Sent: Tuesday, October 09, 2007 9:16 AM
>  > To: nolug@nolug.org
>  > Subject: Re: [Nolug] ProFTPD help
>  > 
>  > Something just doesn't sound right. I would think that ProFTPD is doing
>  > FTP over SSL, not SSH's sftp.
>  > 
>  > --
>  > Puryear Information Technology, LLC
>  > Baton Rouge, LA * 225-706-8414
>  > http://www.puryear-it.com
>  > 
>  > Author, "Best Practices for Managing Linux and UNIX Servers"
>  >   http://www.puryear-it.com/pubs/linux-unix-best-practices
>  > 
>  > Identity Management, LDAP, and Linux Integration
>  > 
>  > 
>  > John Souvestre wrote:
>  > > Hi Dustin.
>  > >
>  > > SSH's SFTP.  From what I gather, ProFTPD uses the OpenSSL/SSH stuff, thus
>  > there
>  > > needs to be a login shell which allows access to them.  Even if you have a
>  > shell
>  > > which allows access to just them, you still need to CHROOT the shell else
>  > the
>  > > user can SFTP all over the place.
>  > >
>  > > John
>  > >
>  > >     John Souvestre - Southern Star & Integrated Data Systems -
>  > www.sstar.com
>  > >
>  > >
>  > >  > -----Original Message-----
>  > >  > From: owner-nolug@covington.redfishnetworks.com [mailto:owner-
>  > >  > nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
>  > >  > Sent: Tuesday, October 09, 2007 9:00 AM
>  > >  > To: nolug@nolug.org
>  > >  > Subject: Re: [Nolug] ProFTPD help
>  > >  >
>  > >  > No, I think you can do it. First, to clarify, do you mean FTP over SSL
>  > >  > or SSH's sftp?
>  > >  >
>  > >  > If you mean SSH's sftp, then I believe you can modify
>  > >  > ~/.ssh/authorized_keys to specify the exact command a user with a given
>  > >  > public key can use. This should allow you to restrict them to only sftp.
>  > >  >
>  > >  > I'm sure there are other tricks. So, if you don't want to require the
>  > >  > use of keys, then I'm sure a little login trickery could be done.
>  > >  >
>  > >  > --
>  > >  > Puryear Information Technology, LLC
>  > >  > Baton Rouge, LA * 225-706-8414
>  > >  > http://www.puryear-it.com
>  > >  >
>  > >  > Author, "Best Practices for Managing Linux and UNIX Servers"
>  > >  >   http://www.puryear-it.com/pubs/linux-unix-best-practices
>  > >  >
>  > >  > Identity Management, LDAP, and Linux Integration
>  > >  >
>  > >  >
>  > >  > John Souvestre wrote:
>  > >  > > Hi Dustin.
>  > >  > >
>  > >  > > Yep.  :)
>  > >  > >
>  > >  > > About the only thing I wasn't able to accomplish was to support SFTP.
>  > From
>  > >  > what
>  > >  > > I gather the user needs shell access to accomplish this.  But we don't
>  > want
>  > >  > to
>  > >  > > give them shell access, just FTP.
>  > >  > >
>  > >  > > I did read about some commercial solutions (ssh2, WS-FTP server w/
>  > ssh) but
>  > >  > they
>  > >  > > cost more than we would like.  Rssh is an option in those cases where
>  > the
>  > >  > > customer really needs it, but it is a bit messy.
>  > >  > >
>  > >  > > Oh well, you can't have everything!  :)
>  > >  > >
>  > >  > > John
>  > >  > >
>  > >  > >     John Souvestre - Southern Star & Integrated Data Systems -
>  > >  > www.sstar.com
>  > >  > >
>  > >  > >
>  > >  > >  > -----Original Message-----
>  > >  > >  > From: owner-nolug@covington.redfishnetworks.com [mailto:owner-
>  > >  > >  > nolug@covington.redfishnetworks.com] On Behalf Of Dustin Puryear
>  > >  > >  > Sent: Tuesday, October 09, 2007 8:34 AM
>  > >  > >  > To: nolug@nolug.org
>  > >  > >  > Subject: Re: [Nolug] ProFTPD help
>  > >  > >  >
>  > >  > >  > No problem. Glad you got it resolved. So what was the problem? :)
>  > >  > >  >
>  > >  > >  > --
>  > >  > >  > Puryear Information Technology, LLC
>  > >  > >  > Baton Rouge, LA * 225-706-8414
>  > >  > >  > http://www.puryear-it.com
>  > >  > >  >
>  > >  > >  > Author, "Best Practices for Managing Linux and UNIX Servers"
>  > >  > >  >   http://www.puryear-it.com/pubs/linux-unix-best-practices
>  > >  > >  >
>  > >  > >  > Identity Management, LDAP, and Linux Integration
>  > >  > >  >
>  > >  > >  >
>  > >  > >  > John Souvestre wrote:
>  > >  > >  > > Hi Dustin.
>  > >  > >  > >
>  > >  > >  > > Yes, I've pretty well got it worked out.  Thanks!
>  > >  > >  > >
>  > >  > >  > > John
>  > >  > >  > >
>  > >  > >  > >     John Souvestre - Southern Star & Integrated Data Systems -
>  > >  > >  > www.sstar.com
>  > >  > >  > >
>  > >  > >  > >  > -----Original Message-----
>  > >  > >  > >  > From: owner-nolug@covington.redfishnetworks.com [mailto:owner-
>  > >  > >  > >  > nolug@covington.redfishnetworks.com] On Behalf Of Dustin
>  > Puryear
>  > >  > >  > >  > Sent: Monday, October 08, 2007 9:02 PM
>  > >  > >  > >  > To: nolug@nolug.org
>  > >  > >  > >  > Subject: Re: [Nolug] ProFTPD help
>  > >  > >  > >  >
>  > >  > >  > >  > Hi John. I'll be sure to give you a ring tomorrow, but it's a
>  > tad
>  > >  > late
>  > >  > >  > >  > to do so now. Did you get this resolved?
>  > >  > >  > >  >
>  > >  > >  > >  > --
>  > >  > >  > >  > Puryear Information Technology, LLC
>  > >  > >  > >  > Baton Rouge, LA * 225-706-8414
>  > >  > >  > >  > http://www.puryear-it.com
>  > >  > >  > >  >
>  > >  > >  > >  > Author, "Best Practices for Managing Linux and UNIX Servers"
>  > >  > >  > >  >   http://www.puryear-it.com/pubs/linux-unix-best-practices
>  > >  > >  > >  >
>  > >  > >  > >  > Identity Management, LDAP, and Linux Integration
>  > >  > >  > >  >
>  > >  > >  > >  >
>  > >  > >  > >  > John Souvestre wrote:
>  > >  > >  > >  > > Hi all.
>  > >  > >  > >  > >
>  > >  > >  > >  > > I'm having some trouble getting ProFTPD setup the way I need
>  > it.
>  > >  > >  > Since I
>  > >  > >  > >  > have a
>  > >  > >  > >  > > customer pushing me to get it done, and I don't have the
>  > time to
>  > >  > >  > research
>  > >  > >  > >  > it
>  > >  > >  > >  > > properly, I'm interested in paying for some consulting time
>  > if
>  > >  > there
>  > >  > >  > is
>  > >  > >  > >  > anyone
>  > >  > >  > >  > > who could assist me.
>  > >  > >  > >  > >
>  > >  > >  > >  > > I need help getting file and directory permissions set
>  > correctly,
>  > >  > >  > setting
>  > >  > >  > >  > > different options (overwrite, read, etc...) for different
>  > users,
>  > >  > SFTP
>  > >  > >  > with
>  > >  > >  > >  > no
>  > >  > >  > >  > > shell access, and a few other things.
>  > >  > >  > >  > >
>  > >  > >  > >  > > If you can help please give me a call at 504-258-6247
>  > (cell).
>  > >  > >  > >  > >
>  > >  > >  > >  > > Thanks!
>  > >  > >  > >  > >
>  > >  > >  > >  > > John
>  > >  > >  > >  > >
>  > >  > >  > >  > >     John Souvestre - Southern Star & Integrated Data Systems
>  > -
>  > >  > >  > >  > www.sstar.com
>  > >  > >  > >  > >
>  > >  > >  > >  > >
>  > >  > >  > >  > >
>  > >  > >  > >  > > ___________________
>  > >  > >  > >  > > Nolug mailing list
>  > >  > >  > >  > > nolug@nolug.org
>  > >  > >  > >  > ___________________
>  > >  > >  > >  > Nolug mailing list
>  > >  > >  > >  > nolug@nolug.org
>  > >  > >  > >
>  > >  > >  > > ___________________
>  > >  > >  > > Nolug mailing list
>  > >  > >  > > nolug@nolug.org
>  > >  > >  > ___________________
>  > >  > >  > Nolug mailing list
>  > >  > >  > nolug@nolug.org
>  > >  > >
>  > >  > > ___________________
>  > >  > > Nolug mailing list
>  > >  > > nolug@nolug.org
>  > >  > ___________________
>  > >  > Nolug mailing list
>  > >  > nolug@nolug.org
>  > >
>  > > ___________________
>  > > Nolug mailing list
>  > > nolug@nolug.org
>  > ___________________
>  > Nolug mailing list
>  > nolug@nolug.org
> 
> ___________________
> Nolug mailing list
> nolug@nolug.org
___________________
Nolug mailing list
nolug@nolug.org
Received on 10/09/07

This archive was generated by hypermail 2.2.0 : 12/19/08 EST