Hi to all!
How can I allow users to log in using a sftp connection, but NOT allowing
them to open a shell using ssh?
(If I change a shell to /bin/false, that user cannot log in through sftp)
I have a i386 arch. , SuSE 7.1, and all patches applied.
Thanks in advance.
----- Original Message -----
From: "Nikolisin, Harald"
To:
Sent: Wednesday, January 28, 2004 6:34 AM
Subject: [suse-security] vsftpd & epsv4 mode
hi list
yesterday I set up a vsftpd server - sucessfully ;-)
all common connections (from the beloved redmond tools) make no problems.
curiously the lukeftp command line tool has problems connecting the server.
in
standard mode all command which active the passive mode fails:
229 Entering Extended Passive Mode (|||46597|)
...here is dead end. after googeling I discover the epsv4 toggle mode. after
disabling the extended passive commands, following server message appear:
227 Entering Passive Mode (XXX,XXX,XX,XX,23,72)
that works quite good. curiously I can establish a connection to this
ftp-server via VPN (and the private IP-Number). within my enterprise network
the 229 - Extended Passive Mode works!
therefore it is definitely not the fault of vsftpd. here comes my questions.
1) I assume the number "46579" is the port number given from the FTP server
in
the case of epsv. the ",23-72" is the range of data port given by FTP in
case
of pasv mode. is that correct?
therefore one firewall seems blocking the high-port 46579 in the case of
internet-connection (at VPN connection all traffice goes through..)??
2) if I establish with lukeftp a connection to "ftp.suse.com" I am
immediately
in the pasv mode (instead epsv).
I assume SuSE also running vsftpd - therefore a setting must exist which
forces ftp-clients to use classical pasv mode.
unfortunately I could not find this option.
regards
harald
--
Mit freundlichen Grüßen / With kind regards
Dipl.-Ing. Harald Nikolisin
SOFiSTiK AG (Entwicklung)
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
