Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Some questions related to ftp access. 2

Status
Not open for further replies.
marcq

marcq

Technical User
Aug 18, 2011
34
PL
Hello.
I have following questions.
(Let's assume we're talking about linux/unix os)
1. How to configure ftp user so that the same user will have different access rights depending on the hosts it is logging from?
I mean for example. I have machine A where ftp user "someone" has it's account and ftp directory.
Assume we have host B and C. I'd like to allow list directory for the user /home/someone when connecting from B and don't display content when using list command when from host C.
In general is it possible to define different levels of access when connecting from different ips or networks for the same user?

2. When creating ftp user. In /etc/passwd we remove shell for the user to not allow any other access like ssh/telnet.
However. I tested and noticed that when doing ssh the password prompt is returned. Of course when putting right password the access
is not allowed anyway.
Question. Is there a way of disable also this prompt to not give the feeling to the user that he is trying to login but putting wrong password?

Do you know any nice doc or online book or tutorial covering ftp staff completely with examples?




 
Sort by date Sort by votes
1) I don't think your going to be able to do this unless the FTP server application supports host name as part of the authentication. For example, MySQL uses user@host or allows wild cards.
2) two suggestions. First, I would try adjusting the allowed users in the SSH configuration. I don't know if this will work, but I would try it. Second, turn off password based SSH and go with key based authentication only. A side effect would be that your SSH is infinitely more secure.
 
Upvote 0 Downvote
Thank you Noway2 for suggestions. I will check them more deeply. Eventually let you know the results.
 
Upvote 0 Downvote
If you have a later OpenSSH version, you can configure sftp jailed accounts.
No ssh, will not even give the indication it is available.

You can define by group to use the sftp-server. And you will make a change in the sshd_config file to use the newer sftp-server.
Lots of posts out there, won't be hard to find. My experience is that the sftp-server is solid in OpenSSH versions 5.9p1 and above.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

donald lepariku
  • Locked
  • Question
Error: 694, Severity: 24, State: 10 An attempt was made to read logical page '153', virtpage '616' f 1
Replies
3
Views
188
spamjim
spamjim
kasperelectronics
  • Locked
  • Question
Desktop streaming from a server to low power front end device e.g. RasPi
Replies
0
Views
84
kasperelectronics
kasperelectronics
Edwin Reyes
  • Locked
  • Question
High CPU utilization Linux Server due to mysql
Replies
1
Views
123
spamjim
spamjim
waydown
  • Locked
  • Question
Unable to connect to server
Replies
4
Views
141
RhythmAce
RhythmAce
fayevalentine
  • Locked
  • Question
cannot access shared folder 1
Replies
2
Views
75
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top