LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-13-2003, 10:10 AM   #1
cosmonate
LQ Newbie
 
Registered: Feb 2003
Distribution: Slackware, CentOS
Posts: 18

Rep: Reputation: 0
Question change password local user vsftp ??


how can i change the password for ftp login of local users?

i don't want them to login "clear text" with the system passwords - thats too unsecure for me !!

i need different passwords for ssh and ftp login!

plz help with a description or howto! -> because i couldn't find any useful vsftp docs.!!

greetz
cosmonate
 
Old 02-13-2003, 10:53 AM   #2
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Well I don't think you need to worry about changing the ssh login passwords due to the fact that ssh is encrypted. VSFTP on the other hand is not encrypted. On the other hand there are tools that come with the OpenSSH package that allow encrypted file transfers. May I ask what the exact purpose of you ftp server is?
 
Old 02-14-2003, 03:12 AM   #3
cosmonate
LQ Newbie
 
Registered: Feb 2003
Distribution: Slackware, CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
changing passwords

the purpose of my ftp server is that people can transfer their files onto the server and work on the server. the server also hosts a webserver and a database for testing, some dedicated nwn wolf and quake stuff and the backup of my workstation. so i don't want any newbie sniffer to get acces to my server, because of the clear text pwds that are used by ftp!
some of the people who work outside and need to transfer files to my server work under windows so they are not able, or too lazy to use ssh copy or something like that!

so a different ftp password would be of use! because if the ftp password gets hacked only the ftp account and the files there can be accessed
i know proftpd can do this! but proftpd sucks! i want vsftp because of its speed and scalability!

greetz
cosmonate
 
Old 02-14-2003, 03:51 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,452
Blog Entries: 54

Rep: Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895
Look into the Vsftp tarball/docs for the PAM sample (/etc/pam.d/vsftp), it uses the PAM module pam_userdb.so which allows you to maintain a separate passwd list.
 
Old 02-14-2003, 04:57 AM   #5
cosmonate
LQ Newbie
 
Registered: Feb 2003
Distribution: Slackware, CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
easier way

that was my first thought too!

hmm... i hoped that there is an easier way to do this, instead of handling those pam things! it's quite an involved thing to do so!
-> but i think this is the only way!
if anyone knows an easier way tell me please!

thx
cosmonate
 
Old 02-14-2003, 05:26 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,452
Blog Entries: 54

Rep: Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895Reputation: 2895
If you follow the Vsftp readme it's actually a quite easy solution, but then you wouldn't know until you tried it.
 
Old 02-14-2003, 06:46 AM   #7
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Check out my setup . I think we have similar setups and I let my users use Winscp. Its secure and free. Read the tutorial and it will explain how to set it up.

Last edited by Crashed_Again; 02-14-2003 at 06:48 AM.
 
Old 02-19-2003, 07:01 AM   #8
cosmonate
LQ Newbie
 
Registered: Feb 2003
Distribution: Slackware, CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
s copy

that sounds good! best secure solution!
gonna try this and leave the ftp totaly out!

is there a unix scp frontend avaliable too?

greetz
cosmonate
 
Old 02-19-2003, 07:56 AM   #9
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
I don't know of one offhand but I bet there is.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help! Cannot Add a User to User Manager or Change Root Password lennysokol Linux - General 2 06-25-2005 09:59 AM
local user name and password exposed hagen00 Linux - Security 3 05-17-2005 10:57 AM
vsftp.conf slackware -- local user login Pozican Linux - Software 3 05-08-2005 10:03 AM
what is the command to make a user change their password after creating a new user? naweenio Linux - Newbie 7 01-05-2005 07:07 AM
Samba Administrator does not have privilage to change local machine password vijayandra Linux - Networking 0 11-20-2003 09:26 AM


All times are GMT -5. The time now is 07:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration