LinuxQuestions.org
Old 09-24-2005, 07:48 PM   #1
Four
Member
 
Registered: Aug 2005
Posts: 298

Rep: Reputation: 30
Disabling root ftp login


Using vsftpd, is it possible to prevent root from logging in via anything like ftp, so that the only way to log root in is using the computer hosting the server?
 
Old 09-25-2005, 01:01 PM   #2
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 641

Rep: Reputation: 36
For security purposes I strongly recommend disabling both ftp and telnet (regardless of which ftp server you favour) and use only ssh instead, where you also easily can disable the root login, and even further limit which users should be able to log in. Unless you plan to run a public ftp service, I see no need for allowing ftp service on your computer.

For disabling root login on ssh, see the file /etc/ssh/sshd_config

-Y1
 
Old 09-25-2005, 01:04 PM   #3
debianmike
Member
 
Registered: Sep 2005
Posts: 115

Rep: Reputation: 15
Look at /etc/securetty (might be securtty). That lists the places root can log in from (but I don't think it affects ftp).


In /etc/ssh/sshd_config, there is a line that says PermitRootLogin = no/yes....that prevents root from sftp'ing....

I know this doesn't answer your question, but I like to hear myself type so I respond to random postings.
 
Old 09-25-2005, 02:46 PM   #4
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357
The easiest way would probably be to create the file:

/etc/vsftpd.ftpusers

And in that file put all the usernames for people NOT allowed to login via FTP (in this case, root).

Then, in the /etc/vsftpd.conf file, add these lines:

userlist_enable=yes
userlist_deny=yes

This will force VSFTPD to check the vsftpd.ftpusers file and any usernames it finds in the file will be denied login access.
 
Old 09-25-2005, 09:02 PM   #5
Four
Member
 
Registered: Aug 2005
Posts: 298

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Yalla-One
For security purposes I strongly recommend disabling both ftp and telnet (regardless of which ftp server you favour) and use only ssh instead, where you also easily can disable the root login, and even further limit which users should be able to log in. Unless you plan to run a public ftp service, I see no need for allowing ftp service on your computer.

For disabling root login on ssh, see the file /etc/ssh/sshd_config

-Y1
What is ssh? I chose vsftpd because it was the easiest to quickly set up, and I found a tutorial on it easily. I am a at this.
 
Old 09-25-2005, 09:53 PM   #6
debianmike
Member
 
Registered: Sep 2005
Posts: 115

Rep: Reputation: 15
ssh is a secure shell...replacing telnet, which wasn't secure.

the ssh daemon also allows secure ftp (sftp) which is easy to install and configure.

I don't recall your distro, but every one I have installed usually has it as part of the basic install.
 
Old 09-26-2005, 05:11 AM   #7
Whitesocks
Member
 
Registered: Sep 2005
Posts: 30

Rep: Reputation: 15
Just wanted to add the reason you should use ssh instead of telnet: ssh traffic is encrypted while telnet traffic is sent over the internet in clear text. Depending on how your internet provider has set up the network, it may be possible for other people on your network to view your traffic. Also, the people who work at your internet provider can not be trusted by default.
 
Old 09-26-2005, 12:40 PM   #8
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 641

Rep: Reputation: 36
Quote:
Originally posted by MS3FGX
The easiest way would probably be to create the file:

/etc/vsftpd.ftpusers

And in that file put all the usernames for people NOT allowed to login via FTP (in this case, root).

Then, in the /etc/vsftpd.conf file, add these lines:

userlist_enable=yes
userlist_deny=yes

This will force VSFTPD to check the vsftpd.ftpusers file and any usernames it finds in the file will be denied login access.
I just have to comment on this with a general observation. IMHO it's both more secure and easier to manage to implicitly deny than the other way around. Thus I would recommend to only allow those accounts put in the list, and by default deny everyone not on list. This way, if you forget an account, or later decide to create a new local user which you don't add to the list, you're not in trouble securitywise..

As an ssh comment to Four: As you're posting in the Slackware forum I assume you're running Slackware yourself. If so, you verify that ssh is enabled by "chmod 755 /etc/rc.d/rc.sshd" (making the script that starts the ssh daemon executable). Then disable all other ftp daemons etc, and you have a far more secure system, where people can't just snoop for your ftp passwords, get local access, exploit a local security hole and then own your box... Keep the hackers out

-Y1
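
The deny list from post #4 and the allow list recommended in post #8 differ only in userlist_deny. The sketch below is an added example, not code from any poster and not vsftpd's own logic: it models how the three userlist_* options combine and what happens to an account nobody remembered to list. The helper names, the constructed configs and the account "newuser" are assumptions; userlist_file is set explicitly because vsftpd's default list file is /etc/vsftpd.user_list.

```shell
# Added example (not from the thread): model vsftpd's userlist_* decision.

# conf_get FILE KEY DEFAULT: last KEY=value in FILE, else DEFAULT.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# is_yes VALUE: true for YES in any letter case (simplification here).
is_yes() {
    [ "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" = YES ]
}

# userlist_verdict CONF USER: prints "allow" or "deny".
userlist_verdict() {
    enable=$(conf_get "$1" userlist_enable NO)   # vsftpd default: NO
    deny=$(conf_get "$1" userlist_deny YES)      # vsftpd default: YES
    list=$(conf_get "$1" userlist_file /etc/vsftpd.user_list)
    if ! is_yes "$enable"; then
        echo allow; return 0                     # list is never consulted
    fi
    listed=no
    if [ -r "$list" ] && grep -qxF -- "$2" "$list"; then listed=yes; fi
    if is_yes "$deny"; then                      # deny list, as in post #4
        if [ "$listed" = yes ]; then echo deny; else echo allow; fi
    else                                         # allow list, as in post #8
        if [ "$listed" = yes ]; then echo allow; else echo deny; fi
    fi
}

# make_case DIR DENY NAMES...: write a constructed config and list to DIR.
make_case() {
    dir=$1 denyval=$2
    shift 2
    printf '%s\n' "$@" > "$dir/list"
    printf 'userlist_enable=YES\nuserlist_deny=%s\nuserlist_file=%s\n' \
        "$denyval" "$dir/list" > "$dir/vsftpd.conf"
}

# demo: a forgotten account ("newuser") under each policy.
demo() {
    d=$(mktemp -d)
    make_case "$d" YES root
    echo "deny list:  newuser -> $(userlist_verdict "$d/vsftpd.conf" newuser)"
    make_case "$d" NO four
    echo "allow list: newuser -> $(userlist_verdict "$d/vsftpd.conf" newuser)"
    rm -rf "$d"
}
demo
```

This models only the userlist_* options; any other login checks the server applies are outside its scope.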
 
  

