SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
VSFTPD is for the ftp protocol, not sftp. If you want to use sftp (and it IS preferable to ftp if you're not sure you want ftp), then you need to set up ssh server.
I have setup VSFTPD as my ftp server. I would like to create a sftp-only account, I am not sure how this should be done in Slackware.
All that is needed for sftp is an ssh account. I'm pretty sure the ssh server is started by default on a new install. It also defaults to any user having ssh/sftp access.
So, most likely, all you need to do is connect to the computer using sftp by providing your user's username and password.
I set the VSFTPD as my ftp server. I was able to connect using a local account, now I have an issue where it says protocol is not assigned despite me not making any modifications and also reconfiguring from scratch. I know this is a different issue, but is there anyway to check what the issue is or why this is the case?
All that is needed for sftp is an ssh account. I'm pretty sure the ssh server is started by default on a new install. It also defaults to any user having ssh/sftp access.
So, most likely, all you need to do is connect to the computer using sftp by providing your user's username and password.
I was able to connect using a local account, but I would like this user not to be able to log in via ssh.
VSFTPD is for the ftp protocol, not sftp. If you want to use sftp (and it IS preferable to ftp if you're not sure you want ftp), then you need to set up ssh server.
I did not know this, thank you. Would something like Dropbear SSH/OpenSSH work?
I was able to connect using a local account, but I would like this user not to be able to log in via ssh.
You can add the option DenyUsers to your /etc/ssh/sshd_config
Code:
DenyUsers
This keyword can be followed by a list of user name patterns, separated by spaces.
Login is disallowed for user names that match one of the patterns
Yes, but OpenSSH would give the most functionality. Please remove vsftpd while you are in there.
Then for SFTP-only accounts with OpenSSH, assign a new system group and put the accounts which should be restricted into it. Then use a Match directive in sshd_config to set up the SFTP-only access. One way would be like this:
Code:
Subsystem sftp internal-sftp
Match Group limited
ForceCommand internal-sftp
AllowStreamLocalForwarding no
AllowTCPForwarding no
X11Forwarding no
There, any accounts in the group 'limited' will only be able to use SFTP and be set to use the built-in SFTP server. See "man sshd_config" for more details on those settings.
Newer versions of OpenSSH can have a simpler configuration:
Code:
Subsystem sftp internal-sftp
Match Group limited
ForceCommand internal-sftp
DisableForwarding yes
I have setup VSFTPD as my ftp server. I would like to create a sftp-only account, I am not sure how this should be done in Slackware.
It looks like the OP is close to a solution but here's my suggestion anyway. I use rssh (restricted shell) on a lab gateway machine that I deploy Clonezilla images from. I've firewalled out non-local subnets but to prevent users in the lab from ssh-ing as the Clonezilla user I installed rssh and set the login shell to /usr/bin/rssh.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
