Setting vsftpd to only allow local connections...

Post by Sam Nichol » Fri, 27 Jun 2003 02:30:58



Hello,
I'd like to set up vsftpd to only allow connections from local processes
such that I could create a ssh tunnel to my server and connect to the
ftp daemon through the tunnel, but it wouldn't listen to any remotely
accessible port?  I see in the docs how to allow access to local users,
that's not quite what I'm looking for though.

Thanks

 
 
 

Post by Kenneth A Kauffma » Fri, 27 Jun 2003 02:55:06



> Hello,
> I'd like to set up vsftpd to only allow connections from local processes
> such that I could create a ssh tunnel to my server and connect to the
> ftp daemon through the tunnel, but it wouldn't listen to any remotely
> accessible port?  I see in the docs how to allow access to local users,
> that's not quite what I'm looking for though.

> Thanks

Hmm.. what is the ultimate goal?  If it is to transfer files securely, you
can use SFTP, which is installed by default as a subsystem to SSH.  Are you
trying to do FTP over SSL using VSFTP?

ken k

 
 
 

Post by Sam Nichol » Sat, 28 Jun 2003 02:41:50






> > Hello,
> > I'd like to set up vsftpd to only allow connections from local processes
> > such that I could create a ssh tunnel to my server and connect to the
> > ftp daemon through the tunnel, but it wouldn't listen to any remotely
> > accessible port?  I see in the docs how to allow access to local users,
> > that's not quite what I'm looking for though.

> > Thanks

> Hmm.. what is the ultimate goal?  If it is to transfer files securely, you
> can use SFTP, which is installed by default as a subsystem to SSH.  Are you
> trying to do FTP over SSL using VSFTP?

> ken k

What I want to do is use the FTP protocol securely.  The software I use
to edit files (BBEdit) doesn't support sftp, only ftp (port 21) so I
want to tunnel through my local computer to my server at home's FTP port
BUT I don't want any computers to be able to connect to the FTP port
without going through a tunnel.
 
 
 

Post by Kenneth A Kauffma » Sat, 28 Jun 2003 03:27:53







> > > Hello,
> > > I'd like to set up vsftpd to only allow connections from local processes
> > > such that I could create a ssh tunnel to my server and connect to the
> > > ftp daemon through the tunnel, but it wouldn't listen to any remotely
> > > accessible port?  I see in the docs how to allow access to local users,
> > > that's not quite what I'm looking for though.

> > > Thanks

> > Hmm.. what is the ultimate goal?  If it is to transfer files securely, you
> > can use SFTP, which is installed by default as a subsystem to SSH.  Are you
> > trying to do FTP over SSL using VSFTP?

> > ken k

> What I want to do is use the FTP protocol securely.  The software I use
> to edit files (BBEdit) doesn't support sftp, only ftp (port 21) so I
> want to tunnel through my local computer to my server at home's FTP port
> BUT I don't want any computers to be able to connect to the FTP port
> without going through a tunnel.

Use the native SSH port forwarding.  You will need to forward ports 20 and
21.  This will allow you to SSH into your remote machine, then use LOCALHOST
from your client.  The SSH port forwarding will then send the requests
through the tunnel.  Then lock down ports 20-21 on your box using IPTABLES or
your firewall/router.  Then the connection can only be made from a valid
user with SSH access and port forwarding enabled.

I can't quite remember, but I think if you wanted to wrap FTP with SSL then
you would need a client that supports that also.
ken k
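
Added example, not part of any post in this thread: one way to combine the tunnel and lockdown described above with a loopback-only vsftpd, plus a check that the FTP port is not reachable from outside. It assumes passive mode with a single pinned data port instead of port 20; the host `user@server.example`, local port 2121, passive port 50000 and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed values: user@server.example,
# local port 2121, passive data port 50000.

# Server: vsftpd.conf fragment for standalone mode, bound to loopback only.
vsftpd_conf() {
cat <<'EOF'
listen=YES
listen_address=127.0.0.1
listen_port=21
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50000
EOF
}

# Client: forward the control port and the one passive data port, then point
# the FTP client at localhost port 2121 in passive mode.
tunnel_cmd() {
  echo "ssh -N -L 2121:127.0.0.1:21 -L 50000:127.0.0.1:50000 user@server.example"
}

# Server firewall, as a second layer: drop FTP ports arriving on any
# interface other than loopback.
firewall_rule() {
  echo "iptables -A INPUT ! -i lo -p tcp -m multiport --dports 20,21,50000 -j DROP"
}

# Check: read `ss -ltn` output on stdin and print every listener on port $1
# that is bound to something other than loopback. No output means not exposed.
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")
      if (parts[n] != port) next
      host = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (host != "127.0.0.1" && host != "[::1]") print $4
    }'
}

# Constructed `ss -ltn` sample: sshd on all interfaces, vsftpd on loopback.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     127.0.0.1:21       0.0.0.0:*
LISTEN 0      32     127.0.0.1:50000    0.0.0.0:*'

vsftpd_conf; tunnel_cmd; firewall_rule
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 21   # prints nothing
```

On a live server the check would be run as `ss -ltn | exposed_listeners 21`.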

 
 
 

1. vsftpd with ssl - vsftpd.user_list not working

hi there...

i've successfully set up a vsftpd server with ssl running on debian
sarge. but the userlist_enable=YES does not really work! user "sysadmin"
is able to log in but he isn't listed in /etc/vsftpd.user_list!

here's my server config:

# FTP SETTINGS
write_enable=YES
download_enable=YES
ascii_download_enable=YES
ascii_upload_enable=YES
dirlist_enable=YES
dirmessage_enable=NO
hide_ids=YES
pasv_enable=YES

# LOGGING
log_ftp_protocol=YES
xferlog_enable=YES

# SSL SETTINGS
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
force_local_logins_ssl=YES
force_local_data_ssl=YES

# LISTEN SETTINGS
listen=YES
listen_address=80.*.*.*
listen_port=21
listen_ipv6=NO
max_clients=5
max_per_ip=3
connect_from_port_20=YES

# USER MANAGEMENT
secure_chroot_dir=/var/run/vsftpd
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
user_config_dir=/etc/vsftpd_user_conf
chroot_list_file=/etc/vsftpd.chroot_list
chroot_list_enable=YES
chroot_local_user=YES
anon_world_readable_only=NO
anonymous_enable=NO
local_enable=YES
pam_service_name=vsftpd
nopriv_user=ftpsecure

any ideas?

thanks,
christof
