Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-06-2005, 10:00 AM
|
#1
|
LQ Newbie
Registered: Dec 2004
Location: Little Rock, AR USA
Posts: 8
Rep:
|
VSFTPD with secure & non-secure logins
I have VSFTPD set up on my Suse 9.1 professional server and I have SSL enabled. Is there a way to use a "non-secure" ftp client to do ftp when I have this setup?
As an example: I want to use a "secure ftp client" for people outside my network to hit my ftp server and put or get files, but I want to use a "non-secure ftp client" for people inside my network to be able to access those same files.
Is there a way I can do this? Any help or suggestions would be greatly appeciated.
Thanks
|
|
|
04-07-2005, 03:51 AM
|
#2
|
Senior Member
Registered: Oct 2004
Posts: 1,272
Rep:
|
Don't know about restricting non-secure access to the local network and secure access from everywhere else but you can allow both secure and non-secure access using the same daemon - man vsftpd.conf
|
|
|
04-07-2005, 02:07 PM
|
#3
|
LQ Newbie
Registered: Dec 2004
Location: Little Rock, AR USA
Posts: 8
Original Poster
Rep:
|
I looked at the man page document on vsftpd.conf extensively and tried several things with the "user_list", "Enable user_list" and
"Deny user_list" and that either allows or denies the users across the board and does not distinguish between secure and non-secure clients logging in.
How would I set this up to allow secure logins using a secure client and non-secure logins using a non-secure client?
Thanks,
Ricci
|
|
|
04-07-2005, 03:15 PM
|
#4
|
LQ Newbie
Registered: Apr 2005
Posts: 1
Rep:
|
I can think of one way to do that.
First you have to run 2 copies of the vsftpd deamon. I suggest running the secure one from inetd and the local one as a standalone daemon.
Make a config file for the standalone daemon (ie the insecure one) with all the options you want, eg. run as standalone, no ssl, etc... and give it a non standard port option.
For restricting access to certain protocols or ports from certain places, look in the /etc/hosts.allow and /etc/hosts.deny file. You will need to look at the man pages as I have not much experience editing these files. You could for example allow all traffic on port 21, 20 from outside users to your secure vsftpd. Conversely you could allow only traffic from your internal ip to your insecure ftp port.
Hope that helps.
|
|
|
04-07-2005, 05:07 PM
|
#5
|
Senior Member
Registered: Oct 2004
Posts: 1,272
Rep:
|
Running as one deamon I don't think you can accomplish what your after, you can however setup your secure certificate paths and secure options and set force_local_data_ssl and force_local_logins_ssl to false. That way it is up to the client whether or not they use a secure login.
Running two deamons might be your only way. You could always research other ftp servers such as proftpd to see if they'll do what you want.
|
|
|
04-07-2005, 05:12 PM
|
#6
|
LQ Newbie
Registered: Dec 2004
Location: Little Rock, AR USA
Posts: 8
Original Poster
Rep:
|
Thanks so much for the info, I think I am going to give the "running two deamons" a try and see how it goes.
|
|
|
02-25-2020, 12:49 AM
|
#7
|
LQ Newbie
Registered: Feb 2020
Posts: 1
Rep:
|
Put this in your config file:
#enable both ssl and non-secure
force_local_logins_ssl=NO
then don't forget to restart service
|
|
|
All times are GMT -5. The time now is 09:25 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|