Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Some questions related to ftp access. 2

Status
Not open for further replies.

marcq

Technical User
Aug 18, 2011
34
PL
Hello.
I have following questions.
(Let's assume we're talking about linux/unix os)
1. How to configure ftp user so that the same user will have different access rights depending on the hosts it is logging from?
I mean for example. I have machine A where ftp user "someone" has it's account and ftp directory.
Assume we have host B and C. I'd like to allow list directory for the user /home/someone when connecting from B and don't display content when using list command when from host C.
In general is it possible to define different levels of access when connecting from different ips or networks for the same user?

2. When creating ftp user. In /etc/passwd we remove shell for the user to not allow any other access like ssh/telnet.
However. I tested and noticed that when doing ssh the password prompt is returned. Of course when putting right password the access
is not allowed anyway.
Question. Is there a way of disable also this prompt to not give the feeling to the user that he is trying to login but putting wrong password?

Do you know any nice doc or online book or tutorial covering ftp staff completely with examples?




 
1) I don't think your going to be able to do this unless the FTP server application supports host name as part of the authentication. For example, MySQL uses user@host or allows wild cards.
2) two suggestions. First, I would try adjusting the allowed users in the SSH configuration. I don't know if this will work, but I would try it. Second, turn off password based SSH and go with key based authentication only. A side effect would be that your SSH is infinitely more secure.
 
Thank you Noway2 for suggestions. I will check them more deeply. Eventually let you know the results.
 
If you have a later OpenSSH version, you can configure sftp jailed accounts.
No ssh, will not even give the indication it is available.

You can define by group to use the sftp-server. And you will make a change in the sshd_config file to use the newer sftp-server.
Lots of posts out there, won't be hard to find. My experience is that the sftp-server is solid in OpenSSH versions 5.9p1 and above.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top