[techtalk] ftp only shell for users...

Steve Kudlak chromexa at ovis.net
Sat Nov 27 08:14:02 EST 1999



lilith at paxumbrae.com wrote:

> Couldn't you use hosts.deny to deny all telnet/ssh/etc access to the
> machine, then explicitly allow yourself or anyone else you'd like to have
> it through hosts.allow?
>
> If no one is to get shell access on that machine, you could simply not
> load the telnet daemon if you have ready access to the machine's console.
>
> There are probably ways to get around the first situation, but the second
> is pretty strong. If the service isn't running, they can't connect to it.
>
> On Sat, 27 Nov 1999, Alain Toussaint wrote:
>
> > > Shellscript would work too. Hm. How about 'cp /bin/false /bin/fakeshell'?
> >
> > Well, I'm not sure you understood the problem. You see, there are some users who
> > want to be able to ftp to the box for uploading purposes (they upload their
> > webpages). For them, we need to enable a real shell (/bin/bash in this case), but
> > this also gives them the ability to log in using telnet, creating a security
> > liability for the server. The owner of the business also has another ISP which
> > uses a shell named /bin/ftponly. I tried real hard to search for that utility
> > but I found nothing (and he's virtually working 46 hours per day so he still
> > hasn't answered my mail about where to get this app). Do you know of a shell
> > which would enable users to upload this while not giving telnet access?
> >
> > Thanks a lot
> >
> > Alain Toussaint
> >
> > > Jenn V.
> >
> > ************
> > techtalk at linuxchix.org   http://www.linuxchix.org
> >
>
> ************
> techtalk at linuxchix.org   http://www.linuxchix.org

Isn't denying ssh going to extremes? If a friend gets back from Australia, well, I'll
install ssh and stuff for her and hopefully that will make things hunky-dory
(American English: Good, OK, all right). Stopping ports one doesn't use might be a
good idea. But jumping at every ghost in the night is not good either.

Note that CERT, as in www.cert.org, mentioned unsecured port 98 as being the major
security hole in Linux. Although apparently sniffers are a problem, for sure. There
seem to be adequate protections against these.

Have Fun,
Sends Steve



************
techtalk at linuxchix.org   http://www.linuxchix.org
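
The ftp-only shell question quoted in this message, as an added example that is not part of the original thread: a small audit that classifies accounts by what their login shell permits. It assumes an FTP daemon that, like the traditional BSD ftpd and wu-ftpd, only accepts users whose shell is listed in /etc/shells, and it assumes /bin/ftponly (the name from the thread) behaves like a copy of /bin/false; the sample accounts are constructed.

```shell
#!/bin/sh
# Added example: classify passwd entries by what their login shell allows.
# Assumption: the ftpd only accepts users whose shell is in the shells file.

# Shells that end the session at once, so telnet gives no prompt.
# /bin/ftponly is the name from the thread, assumed to be a /bin/false copy.
NOLOGIN_SHELLS="/bin/false /sbin/nologin /bin/ftponly"

# classify_accounts PASSWD_FILE SHELLS_FILE
# Prints "user:class", where class is one of:
#   ftp-only     no-login shell that is listed in SHELLS_FILE
#   no-access    no-login shell not listed (such an ftpd refuses it too)
#   shell-login  any other shell: an interactive telnet login works
classify_accounts() {
    awk -F: -v nologin="$NOLOGIN_SHELLS" '
        BEGIN { n = split(nologin, a, " "); for (i = 1; i <= n; i++) deny[a[i]] = 1 }
        # First file: the shells list (skip comments and blank lines).
        NR == FNR { if ($0 !~ /^#/ && $0 != "") listed[$0] = 1; next }
        # Second file: passwd entries; field 7 is the login shell.
        /^#/ || NF < 7 { next }
        {
            if (!($7 in deny))      class = "shell-login"
            else if ($7 in listed)  class = "ftp-only"
            else                    class = "no-access"
            print $1 ":" class
        }
    ' "$2" "$1"
}

# Constructed sample data (not from the thread), written to a temp directory.
sample_report() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# shells list' /bin/sh /bin/bash /bin/ftponly > "$tmp/shells"
    cat > "$tmp/passwd" <<'EOF'
alice:x:1001:1001::/home/alice:/bin/bash
webuser:x:1002:1002::/home/webuser:/bin/ftponly
olduser:x:1003:1003::/home/olduser:/bin/false
EOF
    classify_accounts "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

sample_report
```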



