Re: pure-ftpd with SFTP and PureDB Authentication (fwd)

2004-06-03 Thread Geert Hendrickx
On Wed, Jun 02, 2004 at 01:42:57PM -0800, Noah wrote:
 On Sun, 30 May 2004 01:25:28 +0200, Geert Hendrickx wrote
  On Sat, May 29, 2004 at 01:40:06PM -0800, Noah wrote:
   
   
   FreeBSD 4.9-STABLE
   pure-ftpd version 1.0.18
   
   I am unable to login via SFTP using accounts that exist in the PureDB.
   The password is denied according to the client and there are no log
   messages collected in the server's log files.
   
   When I set the server's TLS option to disable SSL/TLS encryption layer
   ( TLS 0 ) - I  am able to log in with clear text passwords to accounts
   located in the PureDB.
   
   I have PureDB authentication method uncommented in the  pure-ftpd.conf
   configuration file - attached below.
   
   So what am I doing wrong?  How can I have SSL/TLS forced logins and allow
   those with PureDB accounts to get authenticated please?
   
   cheers,
   
   noah
  
  sftp connects to sshd, not ftpd.  So use ssh-login/pw for encrypted
  logins and sessions.
  
 
 
 Okay thanks for letting me know.  I am trying to allow only secure FTP logins
 but don't want general accounts for each user.  It would be nice to have
 accounts that only have FTP access and access to specific directories.  Can
 you suggest a way that I can do this while still only allowing SFTP connections?
 
 cheers,
 
 Noah
 
 
  GH

SFTP is for giving secure-ftp-access to users who also have secure-
shell-access (SSH), so I don't think it's appropriate for your case.
FTP-logins can be totally separated from shell-logins (with a separate
passwords-database or even virtual users on some ftp-servers), so I
think you better go on with your FTP-configuration, but then use a SSL-
aware FTP-client to make secured connections to your server, not SFTP.  

GH
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
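
An added illustration of the advice above (not part of the original thread, and not pure-ftpd project code): a small Python audit that checks whether a pure-ftpd.conf refuses cleartext sessions while limiting logins to chrooted PureDB virtual users. The directive names are the ones in the posted config plus `TLS`; the TLS levels follow pure-ftpd's documented scheme (0 off, 1 optional, 2 required), and both sample configs are constructed.

```python
# Added example (not from the thread): audit a pure-ftpd.conf for the two goals
# discussed here. WEAK and HARDENED are constructed sample configs.

WEAK = """\
ChrootEveryone      yes
PureDB              /usr/local/etc/pureftpd.pdb
UnixAuthentication  yes
TLS                 1
"""

HARDENED = """\
ChrootEveryone      yes
PureDB              /usr/local/etc/pureftpd.pdb
# UnixAuthentication  yes
TLS                 2
"""

def parse(conf_text):
    """Return active directives as a dict; comments and blank lines are skipped."""
    conf = {}
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(conf_text):
    """List what stops the config from being TLS-only with PureDB-only logins."""
    conf = parse(conf_text)
    findings = []
    tls = conf.get("TLS", "0")  # TLS is off unless the directive is present
    if tls == "0":
        findings.append("TLS disabled: passwords cross the network in cleartext")
    elif tls == "1":
        findings.append("TLS optional: cleartext logins are still accepted")
    elif tls not in ("2", "3"):  # 2 refuses cleartext sessions; 3 (later releases) also covers data
        findings.append("TLS value not recognised: " + tls)
    if "PureDB" not in conf:
        findings.append("PureDB not set: no virtual-user database")
    for key in ("UnixAuthentication", "PAMAuthentication"):
        if conf.get(key, "no").lower() == "yes":
            findings.append(key + " enabled: system accounts can log in over FTP")
    if conf.get("ChrootEveryone", "no").lower() != "yes":
        findings.append("ChrootEveryone off: users are not caged in their home directory")
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```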


Re: pure-ftpd with SFTP and PureDB Authentication (fwd)

2004-06-03 Thread Noah

 
 SFTP is for giving secure-ftp-access to users who also have secure-
 shell-access (SSH), so I don't think it's appropriate for your case.
 FTP-logins can be totally separated from shell-logins (with a 
 separate passwords-database or even virtual users on some ftp-
 servers), so I think you better go on with your FTP-configuration, 
 but then use a SSL- aware FTP-client to make secured connections to 
 your server, not SFTP.

I don't completely understand here - how can I force people with FTP accounts
to log in securely?

- noah



 
 GH


Re: pure-ftpd with SFTP and PureDB Authentication (fwd)

2004-06-03 Thread Noah

 
 SFTP is for giving secure-ftp-access to users who also have secure-
 shell-access (SSH), so I don't think it's appropriate for your case.
 FTP-logins can be totally separated from shell-logins (with a 
 separate passwords-database or even virtual users on some ftp-
 servers), so I think you better go on with your FTP-configuration, 
 but then use a SSL- aware FTP-client to make secured connections to 
 your server, not SFTP.

I don't completely understand here - how can I force people with FTP accounts
to log in securely? As in - how do I force SSL authenticated logins but still
allow authentication to the accounts in Pureftp DB file?

thanks in advance,

- noah



 
 GH


Re: pure-ftpd with SFTP and PureDB Authentication (fwd)

2004-06-03 Thread Robert Storey
If your users want a GUI client and they run Linux or *BSD, then they
can easily configure Gftp to use sftp rather than ftp. In this scenario,
you don't need to run Pureftp on your server - sftp (which uses the sshd
daemon) will do the whole job.

In Gftp, you set this up by clicking FTP-Options-SSH, and on the line
that says SSH2 sftp-server path type /usr/libexec/sftp-server. This
is the sftp-server path for FreeBSD, though note that if your users try
to connect to another server that uses a different path (some Linux
distros use /usr/lib/sftp-server) they'll have to change the path.
Anyway, once this option is set, the only thing the user has to do is
click on the FTP icon (upper right-hand side of Gftp screen) and
select SSH2 (as opposed to FTP). That's all.

All of the above applies to Linux and *BSD, and maybe to OSX as well.
But if your users are running Windows, I have no idea. It may be
possible with some Windows ftp clients, but you'll have to research that
on your own.

Maybe I haven't really answered your question.

best regards,
Robert

On Thu, 3 Jun 2004 08:26:55 -0800
Noah [EMAIL PROTECTED] wrote:

 
  
  SFTP is for giving secure-ftp-access to users who also have secure-
  shell-access (SSH), so I don't think it's appropriate for your case.
  FTP-logins can be totally separated from shell-logins (with a 
  separate passwords-database or even virtual users on some ftp-
  servers), so I think you better go on with your FTP-configuration, 
  but then use a SSL- aware FTP-client to make secured connections to 
  your server, not SFTP.
 
 I don't completely understand here - how can I force people with FTP
 accounts to log in securely? As in - how do I force SSL authenticated
 logins but still allow authentication to the accounts in Pureftp DB
 file?
 
 thanks in advance,
 
 - noah


Re: pure-ftpd with SFTP and PureDB Authentication (fwd)

2004-06-02 Thread Noah
On Sun, 30 May 2004 01:25:28 +0200, Geert Hendrickx wrote
 On Sat, May 29, 2004 at 01:40:06PM -0800, Noah wrote:
  
  
  FreeBSD 4.9-STABLE
  pure-ftpd version 1.0.18
  
  I am unable to login via SFTP using accounts that exist in the PureDB.
  The password is denied according to the client and there are no log
  messages collected in the server's log files.
  
  When I set the server's TLS option to disable SSL/TLS encryption layer
  ( TLS 0 ) - I  am able to log in with clear text passwords to accounts
  located in the PureDB.
  
  I have PureDB authentication method uncommented in the  pure-ftpd.conf
  configuration file - attached below.
  
  So what am I doing wrong?  How can I have SSL/TLS forced logins and allow
  those with PureDB accounts to get authenticated please?
  
  cheers,
  
  noah
 
 sftp connects to sshd, not ftpd.  So use ssh-login/pw for encrypted
 logins and sessions.
 


Okay thanks for letting me know.  I am trying to allow only secure FTP logins
but don't want general accounts for each user.  It would be nice to have
accounts that only have FTP access and access to specific directories.  Can
you suggest a way that I can do this while still only allowing SFTP connections?

cheers,

Noah


 GH


pure-ftpd with SFTP and PureDB Authentication (fwd)

2004-05-29 Thread Noah


FreeBSD 4.9-STABLE
pure-ftpd version 1.0.18

I am unable to login via SFTP using accounts that exist in the PureDB.
The password is denied according to the client and there are no log
messages collected in the server's log files.

When I set the server's TLS option to disable SSL/TLS encryption layer
( TLS 0 ) - I  am able to log in with clear text passwords to accounts
located in the PureDB.

I have PureDB authentication method uncommented in the  pure-ftpd.conf
configuration file - attached below.

So what am I doing wrong?  How can I have SSL/TLS forced logins and allow
those with PureDB accounts to get authenticated please?

cheers,

noah

here is the /usr/local/etc/pure-ftpd.conf file --- I am running pureftpd
without any switches other than to define the following configuration
file.

--- snip ---


#  #
# Configuration file for pure-ftpd wrappers#
#  #


# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.html for a complete list of
# options.

# Cage in every user in his home directory

ChrootEveryone  yes

# If the previous option is set to no, members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.

# TrustedGID    100

# Turn on compatibility hacks for broken clients

BrokenClientsCompatibility  no

# Maximum number of simultaneous users

MaxClientsNumber    50

# Fork in background

Daemonize   yes

# Maximum number of sim clients with the same IP address

MaxClientsPerIP 8

# If you want to log all client commands, set this to yes.
# This directive can be duplicated to also log server responses.

VerboseLog  no

# List dot-files even when the client doesn't send -a.

DisplayDotFiles yes

# Don't allow authenticated users - have a public anonymous FTP only.

AnonymousOnly   no

# Disallow anonymous connections. Only allow authenticated users.

NoAnonymous no

# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is ftp. none disables logging.

SyslogFacility  ftp

# Display fortune cookies

# FortunesFile  /usr/share/fortune/zippy

# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to yes on very busy servers or
# if you don't have a working DNS.

DontResolve no

# Maximum idle time in minutes (default = 15 minutes)

MaxIdleTime 15

# LDAP configuration file (see README.LDAP)

# LDAPConfigFile    /etc/pureftpd-ldap.conf

# MySQL configuration file (see README.MySQL)

# MySQLConfigFile   /etc/pureftpd-mysql.conf

# Postgres configuration file (see README.PGSQL)

# PGSQLConfigFile   /etc/pureftpd-pgsql.conf

# PureDB user database (see README.Virtual-Users)

PureDB  /usr/local/etc/pureftpd.pdb

# Path to pure-authd socket (see README.Authentication-Modules)

# ExtAuth   /var/run/ftpd.sock

# If you want to enable PAM authentication, uncomment the following line

#  PAMAuthentication yes

# If you want simple Unix (/etc/passwd) authentication, uncomment this

#  UnixAuthentication yes

# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.

# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth

LimitRecursion  2000 8

# Are anonymous users allowed to create new directories ?

AnonymousCanCreateDirs  no

# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.

MaxLoad 4

# Port range for passive connections replies. - for firewalling.

# PassivePortRange  3 5

# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# 

Re: pure-ftpd with SFTP and PureDB Authentication (fwd)

2004-05-29 Thread Geert Hendrickx
On Sat, May 29, 2004 at 01:40:06PM -0800, Noah wrote:
 
 
 FreeBSD 4.9-STABLE
 pure-ftpd version 1.0.18
 
 I am unable to login via SFTP using accounts that exist in the PureDB.
 The password is denied according to the client and there are no log
 messages collected in the server's log files.
 
 When I set the server's TLS option to disable SSL/TLS encryption layer
 ( TLS 0 ) - I  am able to log in with clear text passwords to accounts
 located in the PureDB.
 
 I have PureDB authentication method uncommented in the  pure-ftpd.conf
 configuration file - attached below.
 
 So what am I doing wrong?  How can I have SSL/TLS forced logins and allow
 those with PureDB accounts to get authenticated please?
 
 cheers,
 
 noah

sftp connects to sshd, not ftpd.  So use ssh-login/pw for encrypted
logins and sessions.  

GH