LinuxQuestions.org
Old 05-23-2008, 01:54 PM   #1
redleg7
LQ Newbie
 
Registered: May 2008
Posts: 5

Rep: Reputation: 0
Question Allow vsftd connections while NOT allowing sshd


Using /etc/hosts.allow and /etc/hosts.deny, is there a way to allow vsftd connections but block sshd connections? I have tried the following, but this blocks both sshd and vsftp:
/etc/hosts.allow: vsftd : ALL
/etc/hosts.deny: sshd: ALL

I think that vsftpd and sshd both use the same port, and that is why this does not work. Am I correct, or is there some other explanation?
 
Old 05-23-2008, 08:25 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
Quote:
Originally Posted by redleg7
Using /etc/hosts.allow and /etc/hosts.deny, is there a way to allow vsftd connections but block sshd connections? I have tried the following, but this blocks both sshd and vsftp:
/etc/hosts.allow: vsftd : ALL
/etc/hosts.deny: sshd: ALL

I think that vsftpd and sshd both use the same port, and that is why this does not work. Am I correct, or is there some other explanation?
They don't use the same port - FTP is 21 and SSH is 22. Regardless, it is my understanding that TCP wrappers uses service process names for identification - not port numbers. Granted, I don't use TCP wrappers (I use iptables instead), so I could be mistaken about that.

That said, why do you need a rule for vsftpd in your hosts.allow file in the first place? If what you posted is all you have in those files then you don't need anything in hosts.allow, as TCP wrappers will allow access to services by default. hosts.allow is mostly useful for exceptions to what you have in hosts.deny.

AFAICT none of this explains the symptoms you describe, though - unless there's something you aren't telling us. For example, if the misspelled daemon name you posted is what is actually in the hosts.allow file, and there is an "ALL: ALL" in the hosts.deny file, then access to vsftpd would be denied (since no match would occur in hosts.allow, while "ALL: ALL" would match in hosts.deny).

Last edited by win32sux; 05-23-2008 at 08:28 PM.
 
Old 05-25-2008, 04:40 PM   #3
redleg7
LQ Newbie
 
Registered: May 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Allow vsftd connections while NOT allowing sshd

OK, my mistake, I want to allow secure ftp (sftp) and disallow ssh. This is what I want to do. I want to allow users to upload files to a web server using secure ftp, but disallow ssh connections to the same web server except for selected ip addresses. I have attempted to use the following rules:

/etc/hosts.allow:
sshd : <IPaddress1>, <IPaddress2>, <IPaddress3>

/etc/hosts.deny:
sshd : ALL

This works fine for ssh. However when I attempt to load files using secure ftp, the connection is refused by the server. My understanding is that sftp uses ssh. Thus it would seem that this rule effectively blocks both ssh connections and secure ftp connections (sftp). Is there a way around this, (i.e., block ssh but allow sftp) or is this impossible to do using rules in /etc/hosts.allow and /etc/hosts.deny?

I have used iptables to set up rules for other situations. Should I be looking at iptables versus the above method? (Sorry for not making the initial posting more clear, and many THANKS for the initial reply.)
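
Added example, not part of any post in this thread: a simplified model of the hosts_access(5) lookup order (hosts.allow first, then hosts.deny, otherwise grant) applied to the rule sets posted above. It handles only `ALL`, exact addresses and dotted prefixes; the client addresses are constructed, and the sftp case assumes OpenSSH, where sftp sessions are served by the `sshd` process.

```python
def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; skip comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]   # any third (option) field is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(rules, daemon, client):
    """True if any rule names this daemon process (or ALL) and this client."""
    for daemons, clients in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        client_ok = any(c == "ALL" or c == client or
                        (c.endswith(".") and client.startswith(c)) for c in clients)
        if daemon_ok and client_ok:
            return True
    return False

def access(allow_text, deny_text, daemon, client):
    """hosts.allow is searched first, then hosts.deny; no match means granted."""
    if matches(parse_rules(allow_text), daemon, client):
        return "granted (hosts.allow)"
    if matches(parse_rules(deny_text), daemon, client):
        return "denied (hosts.deny)"
    return "granted (default)"

def scenarios():
    outside, admin = "203.0.113.5", "192.0.2.10"        # constructed client addresses
    post3_allow = "sshd : 192.0.2.10, 192.0.2.11"       # stand-ins for <IPaddressN>
    return {
        # Post #1 as written: the misspelled name never matches, default grant applies.
        "post1 vsftpd": access("vsftd : ALL", "sshd: ALL", "vsftpd", outside),
        "post1 sshd": access("vsftd : ALL", "sshd: ALL", "sshd", outside),
        # The hypothetical from post #2: same typo plus ALL: ALL in hosts.deny.
        "typo + ALL:ALL": access("vsftd : ALL", "ALL: ALL", "vsftpd", outside),
        "fixed + ALL:ALL": access("vsftpd : ALL", "ALL: ALL", "vsftpd", outside),
        # Post #3: an sftp session is checked under the daemon name sshd.
        "post3 sftp outside": access(post3_allow, "sshd : ALL", "sshd", outside),
        "post3 sftp admin": access(post3_allow, "sshd : ALL", "sshd", admin),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:20} {verdict}")
```

On a host with the TCP wrappers utilities installed, `tcpdmatch sshd <client address>` reports the decision the real library would make for the same files.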
 
  


All times are GMT -5. The time now is 02:29 PM.