ftp login -- ssh no login

waffe · 10-10-2003, 08:30 AM

I have created a jailed ftp user account with proftp. This is basically a user who has restrictions on his/her ftp folder. I would like it if they could not login with ssh. I added /sbin/nologin in the passwd file of the user I wanted to stop from using ssh, but as you probably already know, when I do this they cannot ftp in. Is there a way to let a user login with ftp, but not ssh?

waffe · 10-10-2003, 08:59 AM

Well that was easy enough!

Look in /etc/ssh/ there is a file called sshd_config.
By default login is allowed regardless of the group and user name.

Input a new line as the following:
AllowUsers user1 user2 user3
user1-3 should of course exist in /etc/passwd
After "/etc/init.d/ssh restart" only user1-3 are
allowed to access your machine with ssh.

trickykid · 10-10-2003, 10:03 AM

You can also make it even more secure by giving the ftp users an invalid shell.

First edit your /etc/shells file and add something like:

/bin/false

To the list of shells in the file.

Then edit the user in /etc/passwd by editing their default shell to be /bin/false.

If they try to login as themselves thru ssh, telnet or even locally at the machine, it will deny them access as they wouldn't even have a valid shell to run commands, etc.

waffe · 10-10-2003, 10:05 AM

Sweetness! Will DO -'|'-

twantrd · 12-27-2003, 12:42 AM

Hey trickykid,

I just tried that method but I don't see the point in it. You cannot login via ssh (good thing) but you can't even use that account (for ftp or anything else). You might as well have not added that user. Even when i tried using their login just for FTP purposes, it won't even allow me.

-twantrd