Pureftpd - FTP over SSH
http://download.pureftpd.org/pub/pure-ftpd/doc/FAQ


-> How to run Pure-FTPd over SSH? I want to encrypt all connection data
(including passwords).

FTP-over-SSH is a nice alternative to FTP-over-SSL (impossible to securely
firewall) and SFTP (which is slower, but only uses one port).

Customers using Windows can use FTP-over-SSH with the excellent Van Dyke's SecureFX client (http://www.vandyke.com). It doesn't require any special knowledge: just tell your customer to check "FTP-over-SSH2" in the "Protocol" listbox when creating an account for your FTP server.

On the server side, here's how to manage FTP-over-SSH accounts:

1) Add /usr/bin/false to your /etc/shells file (on some systems, it's /bin/false).

2) To create an FTP-over-SSH account, create a system account with /dev/null as a home directory and /usr/bin/false as a shell. You don't need a dedicated uid: the same uid can be reused for every FTP-over-SSH account.

3) Create a virtual user account for that user (either with PureDB, SQL or LDAP). Give that virtual user a real home directory and only allow connections coming from 127.0.0.1 (all FTP-over-SSH sessions will come from localhost, due to SSH tunneling).

People with no home directory (/dev/null) and no valid shell (/usr/bin/false) won't be able to get a shell or run any command on your server. But they will be granted FTP-over-SSH sessions.



Here are examples (Linux/OpenBSD/ISOS commands, translate them if necessary).

1) Creating a regular FTP account:

pure-pw useradd customer1 -m -d /home/customer1 -u ftpuser

2) Creating an FTP-over-SSH account (non-encrypted sessions are denied):

# useradd -u takes a numeric uid; -o allows reusing the uid of ftpuser
useradd -o -u "$(id -u ftpuser)" -g ftpgroup -d /dev/null -s /usr/bin/false customer2
# -r restricts the virtual user to clients connecting from localhost (the SSH tunnel)
pure-pw useradd customer2 -m -d /home/customer2 -u ftpuser -r 127.0.0.1/32

3) Creating an account that can use regular (unencrypted) FTP from the internal network (192.168.1.x), but that must use FTP-over-SSH when coming from an external network (internet):

useradd -o -u "$(id -u ftpuser)" -g ftpgroup -d /dev/null -s /usr/bin/false customer3
pure-pw useradd customer3 -m -d /home/customer3 -u ftpuser -r 127.0.0.1/32,192.168.1.0/24
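
An audit of the setup described above, as an added example that is not part of the FAQ or of Pure-FTPd: it reports tunnel-only accounts that could still get a shell or log in over plain FTP from an unexpected network. The function name and its four arguments are hypothetical, and it assumes passwd(5) format for system accounts and the colon-separated pure-pw passwd file with the authorized client IPs (the -r value) in field 16.

```sh
#!/bin/sh
# Added example: audit FTP-over-SSH accounts (hypothetical helper).
# Assumed formats: passwd(5) for the system accounts, and the pure-pw
# passwd file where field 16 holds the authorized client IPs set with
# "pure-pw useradd -r".

# Usage: audit_ftp_over_ssh SYS_PASSWD SHELLS PURE_PASSWD INTERNAL_NET
# Prints one "name: problem" line per finding, nothing when clean.
audit_ftp_over_ssh() {
    sys_passwd=$1; shells=$2; pure_passwd=$3; internal_net=$4
    awk -F: -v shells="$shells" -v pure="$pure_passwd" -v net="$internal_net" '
    BEGIN {
        # Shells listed in the shells file
        while ((getline line < shells) > 0) ok_shell[line] = 1
        # Virtual users and their authorized client IP lists
        while ((getline line < pure) > 0) {
            split(line, f, ":"); allowed[f[1]] = f[16]; known[f[1]] = 1
        }
    }
    $6 == "/dev/null" {                  # tunnel-only system account
        if ($7 != "/usr/bin/false" && $7 != "/bin/false")
            print $1 ": shell " $7 " can run commands"
        else if (!($7 in ok_shell))
            print $1 ": " $7 " missing from shells file"
        if (!($1 in known)) { print $1 ": no virtual user"; next }
        if (allowed[$1] == "") { print $1 ": no client IP restriction"; next }
        # Only localhost (the SSH tunnel) and the internal net are expected
        n = split(allowed[$1], ip, ",")
        for (i = 1; i <= n; i++)
            if (ip[i] != "127.0.0.1/32" && ip[i] != net)
                print $1 ": accepts plain FTP from " ip[i]
    }' "$sys_passwd"
}
```

Run it against copies of /etc/passwd, /etc/shells and your pure-pw passwd file, passing the internal network you allow for unencrypted FTP as the last argument.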


        

Latest update: 2010. 6. 22. 16:10