LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-06-2005, 10:00 AM   #1
Ricci Graham
LQ Newbie
 
Registered: Dec 2004
Location: Little Rock, AR USA
Posts: 8

Rep: Reputation: 0
VSFTPD with secure & non-secure logins


I have VSFTPD set up on my Suse 9.1 professional server and I have SSL enabled. Is there a way to use a "non-secure" ftp client to do ftp when I have this setup?

As an example: I want to use a "secure ftp client" for people outside my network to hit my ftp server and put or get files, but I want to use a "non-secure ftp client" for people inside my network to be able to access those same files.

Is there a way I can do this? Any help or suggestions would be greatly appeciated.

Thanks
 
Old 04-07-2005, 03:51 AM   #2
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,272

Rep: Reputation: 154Reputation: 154
Don't know about restricting non-secure access to the local network and secure access from everywhere else but you can allow both secure and non-secure access using the same daemon - man vsftpd.conf
 
Old 04-07-2005, 02:07 PM   #3
Ricci Graham
LQ Newbie
 
Registered: Dec 2004
Location: Little Rock, AR USA
Posts: 8

Original Poster
Rep: Reputation: 0
I looked at the man page document on vsftpd.conf extensively and tried several things with the "user_list", "Enable user_list" and
"Deny user_list" and that either allows or denies the users across the board and does not distinguish between secure and non-secure clients logging in.

How would I set this up to allow secure logins using a secure client and non-secure logins using a non-secure client?

Thanks,

Ricci
 
Old 04-07-2005, 03:15 PM   #4
Stick'n'Clutch
LQ Newbie
 
Registered: Apr 2005
Posts: 1

Rep: Reputation: 0
I can think of one way to do that.

First you have to run 2 copies of the vsftpd deamon. I suggest running the secure one from inetd and the local one as a standalone daemon.

Make a config file for the standalone daemon (ie the insecure one) with all the options you want, eg. run as standalone, no ssl, etc... and give it a non standard port option.

For restricting access to certain protocols or ports from certain places, look in the /etc/hosts.allow and /etc/hosts.deny file. You will need to look at the man pages as I have not much experience editing these files. You could for example allow all traffic on port 21, 20 from outside users to your secure vsftpd. Conversely you could allow only traffic from your internal ip to your insecure ftp port.

Hope that helps.
 
Old 04-07-2005, 05:07 PM   #5
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,272

Rep: Reputation: 154Reputation: 154
Running as one deamon I don't think you can accomplish what your after, you can however setup your secure certificate paths and secure options and set force_local_data_ssl and force_local_logins_ssl to false. That way it is up to the client whether or not they use a secure login.

Running two deamons might be your only way. You could always research other ftp servers such as proftpd to see if they'll do what you want.
 
Old 04-07-2005, 05:12 PM   #6
Ricci Graham
LQ Newbie
 
Registered: Dec 2004
Location: Little Rock, AR USA
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks so much for the info, I think I am going to give the "running two deamons" a try and see how it goes.
 
Old 02-25-2020, 12:49 AM   #7
Taublast
LQ Newbie
 
Registered: Feb 2020
Posts: 1

Rep: Reputation: Disabled
Put this in your config file:

#enable both ssl and non-secure
force_local_logins_ssl=NO

then don't forget to restart service
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to enable BOTH virtual & local vsftpd logins with PAM? quasidynamic Linux - Software 3 08-12-2010 01:00 PM
Secure email (SSL vs. secure authentication) jrdioko Linux - Newbie 2 11-28-2004 02:39 PM
vsftpd, and premoicuous. Is it secure? jsbush Linux - Security 2 11-04-2003 01:16 PM
vsftpd very very secure, so secure i can't use it... baronsam Linux - Networking 4 10-06-2003 07:12 PM
Vsftpd Folder ownerships - Is this secure? Korff Linux - Security 2 06-06-2003 02:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration