Ubuntu Security :: Disabling SFTP Access While Keeping SSH Enabled?
Mar 29, 2011
right now i have vsftpd server installed for FTP access. I originally set it up for both FTP and SFTP, but found that SFTP disregarded any and all permission settings and user jailing that i had set up... so I am switching to just being standard FTP
so here is what's happening:
i've tried to disable SFTP in the sshd_config file, but i am still able to log into the ftp server under sftp through port 22 (which normally is ssh?) i've tried all kinds of things short of just blocking port 22, however I would prefer to be able to remote into my server via Putty (which has access restriction to ONLY allow my admin user account over ssh)..
View 9 Replies
ADVERTISEMENT
Nov 26, 2010
allow sftp access to my Ubuntu system (happens to be desktop as it's also my main system) using accounts that are not able to login normally. (I have already managed to create such accounts.) These accounts need to be chrooted (also already accomplished with the openssh daemon settings.) Where I run into problems is that I want to give them (read only) access to files outside the chroot (on another partition in fact) and the matter if made more difficult because the directories to be shared are on NTFS-3G partitions (as they are a shared linux / windows storage drive). Is this possible and if so, what do I need to do?
Edit - Forgot to include versions
Ubuntu 10.10
openssh 1.5.5p1-4ubuntu4 (the one that comes with 10.10)
View 9 Replies
View Related
Mar 17, 2010
I tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.Eg: users a can ssh from 192.168.*.*user b can sftp from 200.*.*
View 2 Replies
View Related
Feb 24, 2011
System:
Ubuntu 9.04
OpenSSH 5.1p1
I recently set up SFTP on my server and in doing so wanted to create a jail for users. I went through the steps and edited the sshd_config accordingly and got everything to work perfectly. However since doing so I can no longer ssh to that machine as I once was able to do. SFTP and the jail work fine however if I comment out ChrootDirectory /home/%u and ForceCommand internal-sftp in the sshd_config; I can now ssh to that machine however the jail no longer works. I need to be able to have the jail working properly for SFTP along with being able to ssh to that machine. Is this possiblesshd_config: Jail works for SFTP but no ssh
# Package generated configuration file
# See the sshd( manpage for details
# What ports, IPs and protocols we listen for
[code]...
View 1 Replies
View Related
Jun 7, 2011
The default Firewall ufw is not enabled by default at the time of installation and it has to be enabled by the user.Isn't this a security risk or is the user whether ufw is enabled or not secured from external threats?I am not much knowledgeable about network security But I am trying to understand the Ubuntu mentality behind this default setting.
View 4 Replies
View Related
Sep 26, 2010
I know how to forward ports in my router. Now I need to open a port to help with testing a project and no matter what I've tried, every port under 1055 shows up as stealthed (with 1-71 closed) according to Shields Up! I'm happy to run it at a port > 1024, but whatever I try also shows up stealthed. I even tried (briefly) turning on DMZ and still the same thing. My ISP swears that they only block port 80, 21 and 25, none of which I'm trying to use. UFW status reports inactive and I'm not using firestarter. I'm not running any other server (apache, light speed etc). If it's not my router and it's not my ISP, and there's no other server apps running, then that kind of leaves Ubuntu as far as I can see,
View 8 Replies
View Related
Jan 7, 2010
I've recently built a VM appliance using Ubuntu 8.04 that is given to customers for an easy deployment of our software. Ubuntu works great in a VM and its perfect for our software (which is a web application).
Some customers are paranoid (rightfully so) and they will run a vulnerability assessment on the web application. A particular customers' assessment fails as it finds that the appliance isn't running the latest version the Apache web server. I thought that just running "apt-get upgrade" would upgrade all of the software packages to the latest so that failures in the assessment caused by outdated software packages would be resolved... However this is not the case...
I realize that there is a probably a whole process for submitting/approving the latest versions of software packages in Ubuntu, that then get pushed to the repositories - But how does this work? What exactly does "apt-get upgrade" do if it doesnt upgrade packages to the latest?
For example: I need Apache 2.2.11 to fix a particular vulnerability. But when running apt-get upgrade, it doesnt actually upgrade the Apache version number (or any of the other packages). I'm stuck on Apache 2.2.8, and I can't find a .DEB installer for 2.2.11 or later.
View 5 Replies
View Related
Sep 3, 2010
I've made an SSH server using OpenSSH on my desktop Ubuntu (10.4) for tunneling. However, I'm noticing that the public account I made for my SSH (one to give to friends to use proxy) has SFTP access to crucial system files. I'm okay with SFTP being enabled on my account, but not on this public account. Does anyone know of anyway to either disable SFTP to that user, or restrict access to important files?
View 4 Replies
View Related
Jun 12, 2010
Intrepid Ibex (U8.10) is what I am using presently and I would like to know if there are measures that I can take to prevent my ISP from keeping data that flows between my PC and it.
I am living in Australia, I am wanting to keep the bastards (read: Australian Government) ignorant about what I use my PC for.
Its them storing any of my personal information that I am worried about, but if I can keep my history from them completely, even better...
View 9 Replies
View Related
Apr 11, 2010
I administer a desktop computer with ubuntu 8.04 in an university library. Since it works almost all night, to enable students to study, after some time I noticed some misuses of the computer during the evening, when there isn't many students. My goal was to disable users from accessing internet from 7pm to 7am, but also enable it if certain user was logged in (I use that user for torrent, and I seed on that computers from time to time). So I created a script that's being called by root's crontab, and here is the script's code:
Code:
#!/bin/bash
NUM=`who|grep myuser|wc -l`
#echo $NUM
if [ $NUM -le 0 ]; then
/sbin/ifconfig eth0 down
else
/sbin/ifconfig eth0 up
fi
Since I created the script, I actually never seeded anything, so I'm wondering now if that's going to work at all, and (also) is there a better solution for this.
View 5 Replies
View Related
Jul 20, 2010
Can I allow SFTP for ANY , but SSH for some IP address
View 6 Replies
View Related
Aug 11, 2010
I have ubuntu installed on an external hard drive. My ubunutu "Places" shows my windows partition which is on my internal hard drive. I would like to PERMANENTLY disable accessing windows partition in Ubuntu. I don't want to set authentication,etc. I want to PERMANENTLY disable it. I tried commenting "/etc/fstab" file but it still shows up in "Places" tab. I absolutely hate this. I would like to get rid of this. If nothing goes well I will get rid of Ubuntu itself.
View 3 Replies
View Related
Oct 20, 2010
On my Ubuntu 8.04.4 LTS webserver I desperately want to disable the Root account. But at the moment I am unable because I prefer to use Nautilus/Dolphin on my home laptop for SFTP. The graphical interface also helps when comparing multiple config files at once, something that being limited to NANO or PICO would make extremely painful. The problem is that if I don't use ROOT I can't perform any SSH or SFTP actions with a graphical interface, because I can't use SUDO without the terminal. Does anyone else leave root enabled? I have a non-standard port, disabled password authentication in favor of ssh keys, and I have a tarpit configured
View 2 Replies
View Related
Jan 19, 2011
I'm running an SFPT server which my clients logon to using an FTP client. at the moment each client has a user name and password.
Thus far to improve security I've disabled root login but an looking for futrhrt ways to protect it from attack, having researched using google some of the security features suggested prevent the FPT clients from connecting.
Questions:
1- what further things can i do to secure my server that still allows it to be usable for FTP clients?
2- specifically is it possible to use non login pre-share key authentication?
How i set up the server is shown here: [url]
View 3 Replies
View Related
Mar 31, 2010
I have tried, to set this up, but failed what kind of ftp would you guys recomend, as i have been having slight problems over recent days, with unknowns logging onto my annon ftp server, delt with mind.
I am thinking about a proper login even for the annon account, fairly easy to setup.
View 9 Replies
View Related
Mar 8, 2011
I have a project stored on a university server which I'd like to be able to work on from home.
I already have an SFTP folder set up, which I can access easily in Nautilus, and I can freely copy files back and forth, or open them in e.g. gedit.
However, the project is in Matlab, and I cannot see the mounted SFTP folder from within Matlab. This means that I can't work on the project in Matlab without copying the whole lot across to my local machine when I want to work on it.
Is there some way I can get Matlab to "see" the connection so that I can use the mounted SFTP folder like any other in my filesystem? It appears on my desktop when connected - does it have some other mount location?
View 2 Replies
View Related
Mar 20, 2011
i want to allow some friends to ssh/sftp/scp into my system but i only want them to have access to my external hard drive (/media/externalHD/), and i dont want them to be able to delete or add anything, only download.i have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD but idk if this will work and im afraid i might make a mistake and delete 800gb of 'files'
View 2 Replies
View Related
Jun 1, 2011
I want to access my files on my home computer when I'm away (school, vacation etc). I set up a scheduled task to send to send me my external IP address by email because I have a dynamic IP and dont want a static url. (dyndns) I planned to use sftp for an encrypted connection, but I dont know where to start. How can I set up my computer to accept incoming requests, but without any security issues?
Ubuntu 10.10 Desktop 32-bit
openssh-server installed
View 9 Replies
View Related
Jan 18, 2011
Is there software that is available that restricts access to ssh and sftp in a similar fashion as Chroot?
View 1 Replies
View Related
May 31, 2011
I'd like to modify a linux distro, specifically Puppy, so that the drivers/mechanisms for mounting local HDDs and Networking is Disabled completely. A step further than simply disabling "auto-mounting" at boot time, I don't even want mounting to be possible (at least by default).Likewise, further than just disabling network devices, I'd like to remove the ability to use network devices. How are these "mounting" and "device drivers" mechanisms implemented, where are they, and what are my options?
View 14 Replies
View Related
Dec 20, 2010
I'm running a server using ubuntu 10.04 x64. I want to disable access of groups to "bin" folder so they cannot execute commands.
[info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.]
So what I wanna do is to ban some groups on 'bin' folder, for example 'my_group1' and 'my_group2" cannot access bin but 'my_trusted_group' can access it. How is it possible?
View 1 Replies
View Related
Nov 9, 2010
if i want user should`t have more than 20 sftp connections to a server,is there any way we can limit no.of connections to a particular user on the server using ssh configuration
View 7 Replies
View Related
Jun 8, 2011
I've run into my first Linux/Unix roadblock and need support. I am creating a user strictly for SFTP and need them to login to a specific folder as well as set their navigate, write, and read permissions appropriatly but am having trouble. I was able to modify /etc/passwd to change their home location upon login but was warned that it was a bit dangerous to modify this file, even though my login test worked, and that I should look for an alternate solution in case shadow passwords were used. I'm reading up on chmod and understand the binary relationship but still can't seem to put the pieces together for each folder I'm working in. Below is what I need to satisfy: username for this test will be 'customer'
Example folder: /storage/company/files
1. User 'customer' needs to login to /storage/company/ by default.
2. User 'customer' needs browse, write, and read permissions to /storage/company/ and ALL files and subdirectories within this folder
3. User 'customer' must be UNABLE to navigate backwards toward folder root / or in general, navigate out of their primary home location.
View 1 Replies
View Related
Jun 6, 2010
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each users activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
View 1 Replies
View Related
Apr 15, 2010
I want to allow users to user sftp to upload and download files frome one folder, as you know this uses ssh, my question is if i create user to access linux serverthrough ftpd they will be able to browse the root directry, can I create users and ristrict them to only specific directory?
View 1 Replies
View Related
Jan 3, 2010
Not using filename encryption when you create a new encrypted folder is easy, but how to disable it in the home encryption that is automatically set up by the Karmic installation CD?
View 1 Replies
View Related
Dec 21, 2010
I'm running a server using CentOS 5 x64 I want to disable access of groups to "bin" folder so they cannot execute commands. [info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.] so what i wanna do is to ban some groups on 'bin' folder, for example 'my_group1' and 'my_group2" cannot access bin but 'my_trusted_group' can access it.
View 1 Replies
View Related
Feb 24, 2011
If one uses a free ftp account to store private data such as bookmarks, they might prevent any eavesdropping by using ssh for the transfer (ftps), or alternatively sftp.
However, they would still have to trust the ftp hosting provider, because the data is stored unencrypted in the server.
Someone suggested putting all bookmarks in a small truecrypt volume instead and synchronizing this with the ftp server.
Performance issues aside, given that the plaintext only changes a little in each resync (only a bookmark is added usually), is the use of the truecrypt volume introducing a means for an eavesdropper to break the code?
View 6 Replies
View Related
Apr 23, 2010
I am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication ? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but i can still log in using the plain username and password login.
View 2 Replies
View Related
Dec 11, 2010
I want to share files over the web with only a few people and limiting them to certain folders. I have been doing a remote access (ssh) to my server to access it from a pc on the local network. I later found out the same program doing ssh (open_ssh) was also doing sftp, great I could do both with one system account. Problem I couldn't find away to configure another user to go over the web with limited folder access without messing up my user to access the pc. I tried ftps by using vsftpd, I couldn't get chroot set up correctly or even log in. So my question is what program and/or protocol should I use to do secure ftp over the web?
OS: Ubuntu 64bit 10.04
View 4 Replies
View Related
