secure ftp with vsftpd without (remote) shell login - Security

This is a discussion on secure ftp with vsftpd without (remote) shell login - Security ; RHEL5 (more specific scientific linux 5) webserver. I created a user for every customer with no shell login. The users home = /var/www/html/ name-of-site/htdocs. In vsftpd.conf I made sure that they cannot leave their home dir (chroot jail). Some customers ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: secure ftp with vsftpd without (remote) shell login

  1. secure ftp with vsftpd without (remote) shell login

    RHEL5 (more specific scientific linux 5) webserver. I created a user
    for every customer with no shell login. The users home = /var/www/html/
    name-of-site/htdocs. In vsftpd.conf I made sure that they cannot leave
    their home dir (chroot jail). Some customers want to use secure ftp,
    but then I have to give them shell login.
    Is there a possibility to let users choose wether they want to use FTP
    or SFTP without giving them remote shell login ?

    thanx,

    JM


  2. Re: secure ftp with vsftpd without (remote) shell login

    > Is there a possibility to let users choose wether they want to use FTP
    > or SFTP without giving them remote shell login ?
    >


    It's been a while since I looked at this, but I believe vsftpd will
    run ftp over SSL/TLS which shouldn't require shell login. Not sure
    about that but I can't see why it would.

    Cheers,
    elliott


  3. Re: secure ftp with vsftpd without (remote) shell login

    On 27 Jul, 16:46, saucily wrote:
    > > Is there a possibility to let users choose wether they want to use FTP
    > > or SFTP without giving them remote shell login ?

    >
    > It's been a while since I looked at this, but I believe vsftpd will
    > run ftp over SSL/TLS which shouldn't require shell login. Not sure
    > about that but I can't see why it would.
    >
    > Cheers,
    > elliott


    WebDAV over HTTPS, baby, WebDAV over HTTPS. It avoids the FTP firewall
    issues, you can use any user authentication supported by Apache, and
    it's built into the lftp and cadaver comand line tools and many web
    clients for cut and paste installation.

    The one thing it doesn't handle well is symlinks, and it takes a bit
    of tweaking to turn off PHP or Perl scripting for editing websistes
    that use it. But seriously, it's good stuff.


+ Reply to Thread