I have configured the SFTP jail for some of the users on my SFTP server, which is hosted for my clients. I have one small issue and I need help from the experts. e /../jajil/etc/shadow file. Can you please help me with how to update the password in the /../jail/etc/shadow file instead of updating it in the /etc/shadow file?
Using CentOS 5.5. I have a handful of users that I need to have connect to my server via sftp and start in the same directory. For example, user1, user2, user3, etc. will connect via sftp and upon connection will all be in the /some/dir/path/ftp-root directory. I know one way is to create these users all with the same 'home' directory, since by default a user starts in their home directory when connecting via sftp, but before just doing that, I wanted to find out if that is really the appropriate method to use. Alternatives? Is there some setting on the sftp server end that could direct all users to one starting directory so that these users don't have to have the same 'home' dir? I'm using the sshd daemon that comes with CentOS 5.5 (with all current updates/patches).
I see this question asked a lot and figured this tutorial
This tutorial explains how to create an SFTP server which confines (or chroots) users to their own home directory and denies them shell access.
I have configured rssh 2.3 with openssh 5.8 on RHEL 5.6 64 bit to restrict the users to scp and sftp. When I try to sftp or scp it gives the error connection closed. After long googling I tried different solutions like adding missing libraries and setuid on rssh_helper. I made a full copy of /lib to /chroot/lib and /chroot/lib64 but no success. Conf and log files are below for reference.
chroot in two mini distros (Tiny Core and SliTaz): chroot jail appears 'blind'. Chroot can't find any files in the jail and exit with error code. Example (ugly):
As a Windows user, I generated a pair of DSA keys from CoreFTP Lite and sent it to a third party that runs an SFTP server. They told me that a valid DSA key needs to have ssh-dsa at the start and the username@systemname at the end. CoreFTP generated neither the ssh-dsa header nor the username@systemname footer. I tried with WinSCP and it didn't generate them either. Is there a difference between how SFTP works between Windows and Linux? If I put a useraccount@systemname at the end of the text will it work? How would the Linux system validate that my system is called "systemname"? If it can't validate, what is the purpose of adding it?
I'm trying to configure my intranet to be accessible from inside the network (LAN) without need of a password and ask for a password for those who are viewing from the WAN ....
Today my intranet can only be accessed from the LAN; external access gives me an Unauthorized message. I took a look around, tried #irc and still can get the appropriate help. I hope that someone here could help me on that...
My company has a policy that user accounts expire once a month and they also get locked out if they retry login more than 3 times (pam_tally). It gets very annoying every time they come and ask to get their password changed. How do I let users change their own password? Also, how do I let the system email them every day for two weeks before password expiration and until they change their password?
I run a Linux file server for my office and we use SFTP for remote partners to log in and download files. Is there a way to see if there are any active connections or logins so I can know when it is safe to perform maintenance on the machine?
Since the machine is almost constantly serving large files, scheduled maintenance is often bumped off due to someone either upload
I am wondering how websites like banks are able to determine if you have previously used a certain computer to access the website, even if your router's IP address may have changed and your system's cookies have been cleared. I have users that need to access our HTTP intranet from outside locations. Those locations will have dynamic IP addresses most of the time, so I can't just "allow from [ip]" in my Apache proxy configuration. Originally we considered a VPN, but determined that a VPN will be overkill to access just an internal website, since we do not want external users to have permission to the rest of the network, only the website. I currently have it working over HTTPS with basic authentication against an internal LDAP server, but I want a little more security for such an important website.
crappy diagram: [user]-->(internet via https)-->[apache gateway]-->(intranet)-->[http server]
I'm using Ubuntu Server 10.04 and I'm also using OpenSSH 5.3. I have SFTP-only users in a chrooted environment. Users are able to log in, change directories, upload and download files, but as soon as they attempt to give the 'ls' or any list directory, the server disconnects.
I want to allow users to use sftp to upload and download files from one folder. As you know, this uses ssh. My question is: if I create a user to access the Linux server through ftpd they will be able to browse the root directory. Can I create users and restrict them to only a specific directory?
I have an ftp server and normal login works fine as well as ftps but for some reason sftp sends all my accounts to the root directory of the entire server (not good). Been searching around but can't find a fix.
We have users that send files to our server via sftp... We normally have umask set to 022 but for these files we would like to force a umask of 002... I've tried to change it in the .bash_profile but it does not seem to make any difference...
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each user's activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also, what is the best method to monitor things like nmap probes?
Server A: Generated RSA Key
Server B: Added the RSA Key to authorized_keys list
SFTP from A to B. Still prompts for password.
I will be sftp-ing both from Server B to Server A and 'A to B'. Server B to Server A works fine. No prompting for password. But from A-B this is what is happening, sftp -v log...
debug1: Offering public key: ~InfAdmin-.ssh-id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: ~InfAdmin-.ssh-id_dsa
debug1: Next authentication method: password
InfAdminATServerB's password:
Why is this trying the id_dsa private key? From Server B to Server A when I do the same, it does not say 'Trying Private Key -id_dsa'. This is what it says:
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
How do I enforce that Server A does the same? Why is it trying the dsa private key when I have used RSA?
I wrote a script ages ago to automate an FTP transfer. This was easy as within the script you can specify the password with password <whatever>. Now I am wanting to do a similar thing with SFTP (SSH). I know that SFTP works differently and I cannot specify the password within the script - what do I need to do on the server I am connecting to to either "trust" the host I am connecting from or to somehow specify the password for "sftp user@some_host"? Its IP address will always be the same.
Running 10.04 on 4 systems. On one system an update is needed; it downloads, but fails at utils core. This has happened 3 times. The system is otherwise running OK. A snapshot is attached for reference.
I want to make a webserver with multiple users allowed to log in through SFTP to a specific folder, www. Multiple users are added, let's say user1 and user2, and all of them belong to the www-data group. The www directory has an owner www-data and a group www-data.
I have used chmod -R 775 on the www folder, but after I try to create a folder test through my SFTP server (using Filezilla) the group of the directory created has only r and x permissions, and I am not able to log in with the second user user2 and create a directory within www/test due to a lack of w permission to the group.
I also tried using chmod 2775 on www directory, but without luck. Can somebody explain to me, how can I make it so that a newly created directory inherits the root directory group permissions?
I can't sftp directly into a particular host. To move a file from my home machine to the host, I must sftp a file to an intermediate host; ssh into the intermediate host; and sftp the file to the final destination. Is it possible to avoid such madness?
I am using Ubuntu 9.10 to configure telecom equipment. The software downloading process to the equipment requires that my Ubuntu laptop should act as an SFTP server where the software bundle for the equipment is stored. The equipment acts as an SFTP client and requests the software from the server. The equipment has an SFTP client hardwired in its memory. I did the same process with Windows, where I used PuTTY and FreeFtpD, and it worked. Now I want to move to Ubuntu as I want to show that it is better. I have installed OpenSSH server on my laptop and now I need to know a few things that I could not find anywhere in a straightforward form.
1) I am using an Ubuntu live USB drive with persistence. How do I set a username and password for the client, that is, how do I create the account in OpenSSH server?
2) I need to keep the software for the equipment in a folder inside the server, so that it can be transferred to the client upon request. In Windows I give the path of the folder to the FreeFtpD server. How do I do the same in OpenSSH server?
Setting up servers and clients in Linux is completely new for me. If this is done (as I know it can be but don't know how) then I can completely move from Windows to the Ubuntu environment.
I need to be able to capture a user's password when they log in. I am well aware of the security issues with this and I'm OK with this.
We run a call center and I am working on migrating from Windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (in which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
I have been trying to find information on how to capture a user's password, and all requests have been answered with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the caller's password on file. If I could capture it, I wouldn't have to manually set up each profile every time we get a new caller, which is often since turnover is quite high in call centers.