Security Basics mailing list archives
RE: sftp vs ftp with ssl
From: Glenn English <ghe () slsware com>
Date: 08 Aug 2003 16:06:50 -0600
On Fri, 2003-08-08 at 14:27, Skibi de LaPies wrote:
> OK, that's not a problem, but when they have shell (/bin/sh) they can work remotely (that is not what I want) and when they do not have an interactive shell (entry in /etc/passwd shows /bin/false) they cannot login either to ssh or sftp.
No, they can't. To access a machine through ssh, there must be a valid username, password, home directory, and shell. ssh is nothing more than a fancy telnet/rsh, and it has to be possible for the user to operate the machine before the ssh daemon can complete the connection. And sftp rides on ssh.
> Maybe I'm doing something wrong, because I use the default sftp service which is in OpenSSH: (/etc/ssh/sshd_config)
> Subsystem sftp /usr/libexec/openssh/sftp-server
> Maybe I should install a normal ftp server? (but the security case then?)
A normal ftp server wouldn't work either, and for the same reason. The ftp daemon logs you in (that works fine with no /bin/false as a shell), and then starts a shell to run its fileserver - that's where things fail.
> My ideal solution would be: leave /usr/bin/passwd as shell, access for users to their ftp accounts through sftp (client may be putty psftp.exe or something). How to achieve it?
I could never be considered a *nix guru, but I don't think it can be done using 'regular' components. What you need is either a special program that acts enough like a shell to make ssh happy, or a file serving daemon that doesn't use a shell. In other words, I don't know.
--
Glenn English
ghe () slsware com
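One form the "special program that acts enough like a shell" from the message above could take, as an added example that is not part of the original thread. The name `sftponly` is hypothetical, and the script assumes sshd starts a subsystem by running the account's login shell with `-c` followed by the subsystem command; the sftp-server path is the one quoted in the message.

```shell
#!/bin/sh
# sftponly: hypothetical login "shell" that permits only the sftp subsystem.
# Assumption: sshd starts a subsystem as  <login shell> -c "<subsystem command>".

# Path taken from the Subsystem line quoted in the message.
SFTP_SERVER=/usr/libexec/openssh/sftp-server

# Print "allow" only for the exact invocation  -c $SFTP_SERVER ; otherwise "deny".
sftponly_decide() {
    if [ "$#" -eq 2 ] && [ "$1" = "-c" ] && [ "$2" = "$SFTP_SERVER" ]; then
        echo allow
    else
        echo deny
    fi
}

sftponly_main() {
    if [ "$(sftponly_decide "$@")" = allow ]; then
        # The command string is never parsed or evaluated: exec the fixed path.
        exec "$SFTP_SERVER"
    fi
    # Interactive logins (no arguments) and any other remote command end up here.
    echo "This account is restricted to sftp." >&2
    exit 1
}

# Act as a shell only when the script is installed under the name "sftponly".
case "${0##*/}" in
    sftponly) sftponly_main "$@" ;;
esac
```

To use it, the script would be installed as an executable named `sftponly` and set as the shell field of the account's /etc/passwd entry.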