Pureftpd - FTP over SSH
http://download.pureftpd.org/pub/pure-ftpd/doc/FAQ
-> How to run Pure-FTPd over SSH? I want to encrypt all connection data (including passwords).

FTP-over-SSH is a nice alternative over FTP-over-SSL (impossible to securely firewall) and SFTP (which is slower, but only uses one port).

Customers using Windows can use FTP-over-SSH with the excellent Van Dyke's SecureFX client (http://www.vandyke.com). It doesn't require any special knowledge: just tell your customer to check "FTP-over-SSH2" in the "Protocol" listbox when creating an account for your FTP server.

On the server side, here's how to manage FTP-over-SSH accounts:

1) Add /usr/bin/false to your /etc/shells file (on some systems, it's /bin/false).

2) To create a FTP-over-SSH account, create a system account with /dev/null as a home directory and /usr/bin/false as a shell. You don't need a dedicated uid: the same uid can be reused for every FTP-over-SSH account.

3) Create a virtual user account for that user (either with PureDB, SQL or LDAP). Give that virtual user a real home directory and only allow connections coming from 127.0.0.1 (all FTP-over-SSH sessions will come from localhost, due to SSH tunneling).

People with no home directory (/dev/null) and no valid shell (/usr/bin/false) won't be able to get a shell nor to run any command on your server. But they will be granted FTP-over-SSH sessions.

Here are examples (Linux/OpenBSD/ISOS commands, translate them if necessary).
1) Creating a regular FTP account:
pure-pw useradd customer1 -m -d /home/customer1 -u ftpuser
2) Creating a FTP-over-SSH account (non-encrypted sessions are denied):
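# useradd -u takes a numeric uid; -o allows sharing the uid of the existing ftpuser account
useradd -o -u "$(id -u ftpuser)" -g ftpgroup -d /dev/null -s /usr/bin/false customer2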
pure-pw useradd customer2 -m -d /home/customer2 -u ftpuser -r 127.0.0.1/32
3) Creating an account that can use regular (unencrypted) FTP from the internal network (192.168.1.x), but that must use FTP-over-SSH when coming from an external network (internet):
# numeric uid shared with ftpuser, hence -o
useradd -o -u "$(id -u ftpuser)" -g ftpgroup -d /dev/null -s /usr/bin/false customer3
pure-pw useradd customer3 -m -d /home/customer3 -u ftpuser -r 127.0.0.1/32,192.168.1.0/24
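An added example, not part of the Pure-FTPd FAQ: a shell function that audits system accounts against steps 1 and 2 above (home directory /dev/null, shell /usr/bin/false or /bin/false, and that shell listed in the shells file). The function names, the gid 2001 standing in for ftpgroup, and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: check FTP-over-SSH system accounts against steps 1 and 2.
# Usage: audit_tunnel_accounts PASSWD_FILE SHELLS_FILE NUMERIC_GID
# Prints "<login> OK" or "<login> FAIL <reasons>" for every account whose
# primary gid is NUMERIC_GID; returns 1 if any account fails.
audit_tunnel_accounts() {
    awk -F: -v gid="$3" -v shells="$2" '
        FILENAME == shells {        # shells file: one path per line
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") listed[$0] = 1
            next
        }
        $4 == gid {                 # passwd(5): login:pw:uid:gid:gecos:home:shell
            why = ""
            if ($6 != "/dev/null") why = why " home=" $6
            if ($7 != "/usr/bin/false" && $7 != "/bin/false") why = why " shell=" $7
            else if (!($7 in listed)) why = why " shell-not-listed"
            if (why == "") print $1 " OK"
            else { print $1 " FAIL" why; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample data; gid 2001 is a stand-in for ftpgroup.
demo_audit() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/shells" <<'EOF'
# constructed shells file
/bin/sh
/usr/bin/false
EOF
    cat > "$tmp/passwd" <<'EOF'
customer2:x:2001:2001::/dev/null:/usr/bin/false
customer3:x:2001:2001::/dev/null:/bin/false
customer4:x:2001:2001::/home/customer4:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
EOF
    rc=0
    audit_tunnel_accounts "$tmp/passwd" "$tmp/shells" 2001 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

On a live host the same function can be pointed at /etc/passwd and /etc/shells with the numeric gid of the FTP group.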
Latest update: 2010. 6. 22. 16:10