Ubuntu Security :: Allow Sftp Access To System Using Accounts?
Nov 26, 2010
allow sftp access to my Ubuntu system (happens to be desktop as it's also my main system) using accounts that are not able to login normally. (I have already managed to create such accounts.) These accounts need to be chrooted (also already accomplished with the openssh daemon settings.) Where I run into problems is that I want to give them (read only) access to files outside the chroot (on another partition in fact) and the matter if made more difficult because the directories to be shared are on NTFS-3G partitions (as they are a shared linux / windows storage drive). Is this possible and if so, what do I need to do?
Edit - Forgot to include versions
Ubuntu 10.10
openssh 1.5.5p1-4ubuntu4 (the one that comes with 10.10)
View 9 Replies
ADVERTISEMENT
Mar 29, 2011
right now i have vsftpd server installed for FTP access. I originally set it up for both FTP and SFTP, but found that SFTP disregarded any and all permission settings and user jailing that i had set up... so I am switching to just being standard FTP
so here is what's happening:
i've tried to disable SFTP in the sshd_config file, but i am still able to log into the ftp server under sftp through port 22 (which normally is ssh?) i've tried all kinds of things short of just blocking port 22, however I would prefer to be able to remote into my server via Putty (which has access restriction to ONLY allow my admin user account over ssh)..
View 9 Replies
View Related
Mar 17, 2010
I tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.Eg: users a can ssh from 192.168.*.*user b can sftp from 200.*.*
View 2 Replies
View Related
Jun 23, 2010
I have recently discovered the following: when I attempt to connect to any of our machines that are OpenSSH 5.x (Ubuntu 10 or OpenSuSE 11.x in our case) as one of the users defined in the NIS domain that fails. For instance, me (user bepstein) can SSH into all those machines but not SFTP.I can SFTP into those machines on the network that are OpenSSH 4.x, however (CentOS 5.3 - 5.4, OpenSUSE 10.3).As a user defined locally on the machine (in /etc/passwd ) I can connect via either SSH or SFTP even if the machine is OpenSSH 5.x.Some further discussion of that issue is available here: http:[url]....
View 2 Replies
View Related
Jun 15, 2011
I am using ubuntu 11.04 in my home desktop. Is it necessary that firewall should be active inorder to avoid hack? I heard that we will not be given static ip address, only paid one will get static ip address that can be used for web server implementation. If my system doesnt have static address then can others access my system?
View 9 Replies
View Related
May 17, 2010
I have upgraded to Lucid, but was having the same issues on Karmic. I made a 2nd user acct we'll call X and we'll call the original acct Y. All of these issues only happened after creating X.
On X I have: sound Things wrong with X: I don't have the ability to modify any folders (even ones that are made from X's acct), I can't change the password or even access the Users and Groups, I can't modify any browser settings in Firefox but can on Chromium, the option for wireless is completely gone
On Y I have: the ability to access users and groups, the ability to modify all folders on either acct, the ability to change any settings on anything Things wrong with Y: no sound (doesn't even show the driver, but the driver is there on X's acct), wireless is completely gone (just like X's acct), even though I can access Users and Groups I cannot modify anything about X's acct
My first thought was to completely delete X since that's when all the problems began, but I'm afraid that since X seems to have "stolen" my sound card, that will be lost forever. I am also afraid that since neither account has wireless deleting X might hinder ever getting it back.
View 1 Replies
View Related
Sep 3, 2010
I've made an SSH server using OpenSSH on my desktop Ubuntu (10.4) for tunneling. However, I'm noticing that the public account I made for my SSH (one to give to friends to use proxy) has SFTP access to crucial system files. I'm okay with SFTP being enabled on my account, but not on this public account. Does anyone know of anyway to either disable SFTP to that user, or restrict access to important files?
View 4 Replies
View Related
Nov 9, 2010
This might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks get more and more common, like putting in an USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?
View 5 Replies
View Related
Jul 20, 2010
Can I allow SFTP for ANY , but SSH for some IP address
View 6 Replies
View Related
Sep 8, 2010
I recently received an email from a friend without subject and just a link. Since we do that a lot, I clicked on it. I was taking to a website that looks like a phishing site and my computer hard drive started working feverishly. I closed it quickly.
First, I want you guys to be aware of this thing since it seems to be fairly new.
Second, I want to know if I have been compromised. I already changed the password on my gmail account and I accessed the site using Ubuntu and Firefox.
View 3 Replies
View Related
Apr 8, 2009
I have a windows 2003 active directory and dansguardian transparent web filter. I want that dansguardian filters according by whom is logged on the workstation. Can this be possible?
View 2 Replies
View Related
Oct 20, 2010
On my Ubuntu 8.04.4 LTS webserver I desperately want to disable the Root account. But at the moment I am unable because I prefer to use Nautilus/Dolphin on my home laptop for SFTP. The graphical interface also helps when comparing multiple config files at once, something that being limited to NANO or PICO would make extremely painful. The problem is that if I don't use ROOT I can't perform any SSH or SFTP actions with a graphical interface, because I can't use SUDO without the terminal. Does anyone else leave root enabled? I have a non-standard port, disabled password authentication in favor of ssh keys, and I have a tarpit configured
View 2 Replies
View Related
Jan 19, 2011
I'm running an SFPT server which my clients logon to using an FTP client. at the moment each client has a user name and password.
Thus far to improve security I've disabled root login but an looking for futrhrt ways to protect it from attack, having researched using google some of the security features suggested prevent the FPT clients from connecting.
Questions:
1- what further things can i do to secure my server that still allows it to be usable for FTP clients?
2- specifically is it possible to use non login pre-share key authentication?
How i set up the server is shown here: [url]
View 3 Replies
View Related
Mar 31, 2010
I have tried, to set this up, but failed what kind of ftp would you guys recomend, as i have been having slight problems over recent days, with unknowns logging onto my annon ftp server, delt with mind.
I am thinking about a proper login even for the annon account, fairly easy to setup.
View 9 Replies
View Related
Mar 8, 2011
I have a project stored on a university server which I'd like to be able to work on from home.
I already have an SFTP folder set up, which I can access easily in Nautilus, and I can freely copy files back and forth, or open them in e.g. gedit.
However, the project is in Matlab, and I cannot see the mounted SFTP folder from within Matlab. This means that I can't work on the project in Matlab without copying the whole lot across to my local machine when I want to work on it.
Is there some way I can get Matlab to "see" the connection so that I can use the mounted SFTP folder like any other in my filesystem? It appears on my desktop when connected - does it have some other mount location?
View 2 Replies
View Related
Mar 20, 2011
i want to allow some friends to ssh/sftp/scp into my system but i only want them to have access to my external hard drive (/media/externalHD/), and i dont want them to be able to delete or add anything, only download.i have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD but idk if this will work and im afraid i might make a mistake and delete 800gb of 'files'
View 2 Replies
View Related
Jun 1, 2011
I want to access my files on my home computer when I'm away (school, vacation etc). I set up a scheduled task to send to send me my external IP address by email because I have a dynamic IP and dont want a static url. (dyndns) I planned to use sftp for an encrypted connection, but I dont know where to start. How can I set up my computer to accept incoming requests, but without any security issues?
Ubuntu 10.10 Desktop 32-bit
openssh-server installed
View 9 Replies
View Related
Jan 18, 2011
Is there software that is available that restricts access to ssh and sftp in a similar fashion as Chroot?
View 1 Replies
View Related
May 12, 2010
Once again, nobody seems to understand security properly when they decide to add nifty new features. After upgrading to 10.04 from 9.10, I now have a listing of all the user accounts under "Switch from" when I go the the logout menu at the upper right side of the task bar. This is a terrible security hole that should never have been allowed in the first place, and is just as annoying as the default behavior of listing all the user accounts on the login screen.
View 5 Replies
View Related
Mar 22, 2009
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got fedora 10, dual boot with windows, 2 hard drives, 1st is NTFS windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
View 2 Replies
View Related
Nov 20, 2009
fedora 10 and im trying to set up some user accounts on a computer. My current problem is that we set up 2 root accounts and we need both to be able to authenticate. So far this works on the command line but whenever i'm on the GUI it seems that it only allows root to give its password for things. How do i enable the second account to do that as well.as a note, i am doing this for someone else so i have little to no control how this is set up, so please, i am not looking for reasons why this is not a good idea i would just like to figure this out
View 2 Replies
View Related
Feb 21, 2011
I am looking at creating two user accounts for "contract system admins"..These guys will be performing sys admin duties for a sever -- however, I am still concerned about security of data. For example, the server contains password information for our database, etc.Besides making them sign an NDA, etc. what other security mechanisms could I put in place to ensure that they don't just go buck wild. For example, when someone makes a sudo command, is this logged?
what are some recommendations for general security practices?
View 1 Replies
View Related
Mar 3, 2010
I want to use AD sys accounts to logon to linux servers. What is the best and most secure way to do this. This because we want to ensure it is tracable when a server administrator makes changes to a linux server. Now we use root to make changes to the servers.
View 13 Replies
View Related
Feb 12, 2011
I have been trying to use my DS2490 USB to serial device with a Maxim .DG1921G thermocron with owfs. It is supposed to give me access to a virtual file system for the thermocrom without needing to launch owfs as root.
Code:
/var/log/messages gives:
Feb 8 16:22:45 norman-HP-G56-Notebook-PC kernel: [ 236.140141] usb 5-1: new full speed USB device using ohci_hcd and address 2[code]....
but if ds2490 module is loaded it works when run sudo.It seems from this that it is a lack of permissions to USB but I have tried all the methods on at http://owfs.org/index.php?page=udev etc. to overcome this and a few others but none work.I am running Ubuntu 10.10 kernel 2.6.35-22-generic #33-Ubuntu SMP
View 1 Replies
View Related
Nov 9, 2010
if i want user should`t have more than 20 sftp connections to a server,is there any way we can limit no.of connections to a particular user on the server using ssh configuration
View 7 Replies
View Related
Jun 8, 2011
I've run into my first Linux/Unix roadblock and need support. I am creating a user strictly for SFTP and need them to login to a specific folder as well as set their navigate, write, and read permissions appropriatly but am having trouble. I was able to modify /etc/passwd to change their home location upon login but was warned that it was a bit dangerous to modify this file, even though my login test worked, and that I should look for an alternate solution in case shadow passwords were used. I'm reading up on chmod and understand the binary relationship but still can't seem to put the pieces together for each folder I'm working in. Below is what I need to satisfy: username for this test will be 'customer'
Example folder: /storage/company/files
1. User 'customer' needs to login to /storage/company/ by default.
2. User 'customer' needs browse, write, and read permissions to /storage/company/ and ALL files and subdirectories within this folder
3. User 'customer' must be UNABLE to navigate backwards toward folder root / or in general, navigate out of their primary home location.
View 1 Replies
View Related
Jun 6, 2010
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each users activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
View 1 Replies
View Related
Apr 15, 2010
I want to allow users to user sftp to upload and download files frome one folder, as you know this uses ssh, my question is if i create user to access linux serverthrough ftpd they will be able to browse the root directry, can I create users and ristrict them to only specific directory?
View 1 Replies
View Related
Jul 19, 2011
I currently have an ftp server setup using Ubuntu 10.04 and pureftpd with mysql as the backend. All the ftp users are "virual users" that are stored in mysql. I want my existing users to be able to use scp to transfer files instead of ftp. As far as I know, you can only use ssh/scp if you have a system account. All of my virtual users use the same system account of "ftpuser".
Is it even possible for me to setup the users with scp access, even though they don't have an actual system account? I really don't want to setup system accounts for each user. I have a lot of ftp users and I plan on expanding that number, so adding system accounts isn't ideal, plus I feel like that will bring new security issues (researching chroot for ssh and how to lock down ssh).
View 3 Replies
View Related
Sep 25, 2009
way to automate adding and removing users from 10 different Fedora 7 servers. We use them as print servers and our users have a user name and password to authenticate with when printing. We also use Samba to talk to a W2k3 server that tracks and charges the users for what they print. The set up was done by a vendor and after 6 months of being in production the scripts they created has flaws.
I need a way for a script to run as often as possible that will remove, change, or delete user accounts from the servers and from Samba. how to most effectively achieve this?
It would be ideal to have a file that gets written to when a change needs to be made then a script to make these changes?
View 1 Replies
View Related
