FTP Access but NOT Telnet

Post by Chris Brodi » Thu, 04 Nov 1999 04:00:00



I'm running Caldera Linux 2.2.10 and I'd like to set it up so that users
can ftp but NOT telnet to their accounts, without shutting down telnet
altogether. I've tried editing hosts.deny & hosts.allow but that will
disable the ftp as well as the telnet. I set the user shell to /bin/true
but then ftp no longer works for that user, i.e.:

user:x:500:501:User:/home/user:/bin/true

They can't login via telnet but they can't ftp either.

When I try:

user:x:500:501:User:/home/user:

They get the default bash when they telnet.

Any Ideas???

Thanks,
Chris

 
 
 


Post by Tad » Thu, 04 Nov 1999 04:00:00


Make their shell "/bin/false", then add "/bin/false" to /etc/shells.

Tad


>I'm running Caldera Linux 2.2.10 and I'd like to set it up so that users
>can ftp but NOT telnet to their accounts, without shutting down telnet
>altogether. I've tried editing hosts.deny & hosts.allow but that will
>disable the ftp as well as the telnet. I set the user shell to /bin/true
>but then ftp no longer works for that user, i.e.:

>user:x:500:501:User:/home/user:/bin/true

>They can't login via telnet but they can't ftp either.

>When I try:

>user:x:500:501:User:/home/user:

>They get the default bash when they telnet.

>Any Ideas???

>Thanks,
>Chris
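
Why the change in Tad's reply works, as an added example that is not part of the original thread: classic ftpd implementations refuse accounts whose shell is not listed in /etc/shells, while a telnet login simply runs the shell, so /bin/false has to be listed for FTP yet still ends any interactive session at once. The account names and file contents are constructed, and it is an assumption that the poster's ftpd applies this check.

```python
# Added example: models the /etc/shells check applied by classic ftpd
# implementations (assumed here), using constructed sample files.
NOLOGIN_SHELLS = {"/bin/false", "/bin/true"}  # exit immediately, no session
DEFAULT_SHELL = "/bin/sh"                     # used when the shell field is empty

def parse_shells(text):
    """Return the set of shells listed in /etc/shells-style text."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if line.startswith("/"):
            shells.add(line)
    return shells

def classify(passwd_text, shells_text):
    """Map user -> (ftp_ok, interactive_login) for each passwd entry."""
    valid = parse_shells(shells_text)
    result = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7:
            continue                           # malformed or blank line
        user, shell = fields[0], fields[6] or DEFAULT_SHELL
        ftp_ok = shell in valid                # the ftpd-side check
        interactive = shell not in NOLOGIN_SHELLS  # what telnet login gets
        result[user] = (ftp_ok, interactive)
    return result

# Constructed sample data mirroring the three cases in the thread
PASSWD = """\
truesh:x:500:501:User:/home/truesh:/bin/true
ftponly:x:501:501:User:/home/ftponly:/bin/false
noshell:x:502:501:User:/home/noshell:
"""
SHELLS_BEFORE = "/bin/sh\n/bin/bash\n"
SHELLS_AFTER = SHELLS_BEFORE + "/bin/false\n"  # after adding /bin/false

if __name__ == "__main__":
    for label, shells in (("before", SHELLS_BEFORE), ("after", SHELLS_AFTER)):
        for user, (ftp_ok, login) in classify(PASSWD, shells).items():
            print(f"{label:6} {user:8} ftp={ftp_ok!s:5} shell_login={login}")
```
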



 
 
 


Post by QuestionExchang » Tue, 09 Nov 1999 04:00:00


> I'm running Caldera Linux 2.2.10 and I'd like to set it up so that users
> can ftp but NOT telnet to their accounts, without shutting down telnet
> altogether. I've tried editing hosts.deny & hosts.allow but that will
> disable the ftp as well as the telnet. I set the user shell to /bin/true
> but then ftp no longer works for that user, i.e.:

> user:x:500:501:User:/home/user:/bin/true

> They can't login via telnet but they can't ftp either.

> When I try:

> user:x:500:501:User:/home/user:

> They get the default bash when they telnet.

> Any Ideas???

> Thanks,
> Chris


Actually, you can do this through hosts.allow and hosts.deny.

hosts.deny:

ALL: ALL

hosts.allow:

in.telnetd: 10.0.0.0/255.0.0.0
in.ftpd: ALL

This would disable all access to your box except ftp from all
addresses, and telnet from 10. networks (I don't know what your
network topology is so input your own numbers here).

--
  This answer is courtesy of QuestionExchange.com
  http://www.questionexchange.com/showUsenetGuest.jhtml?ans_id=7286&cus...
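
What the two files in the answer above permit, as an added example that is not part of the original thread: a small evaluator for the subset of TCP wrappers syntax used there (the ALL wildcard and net/mask patterns), applied to constructed client addresses. The decision takes only the daemon name and the client address as input, so these rules limit telnet by source network rather than by account.

```python
import ipaddress

# Rules copied from the answer above
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = "in.telnetd: 10.0.0.0/255.0.0.0\nin.ftpd: ALL\n"

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """Match 'ALL', an n.n.n.n/m.m.m.m net/mask pattern, or an exact address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr

def any_rule_matches(rules, daemon, addr):
    """True if some rule names this daemon (or ALL) and matches the client."""
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in rules)

def access_granted(allow_text, deny_text, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; no match means grant."""
    if any_rule_matches(parse_rules(allow_text), daemon, addr):
        return True
    return not any_rule_matches(parse_rules(deny_text), daemon, addr)

if __name__ == "__main__":
    # Constructed client addresses: one inside 10/8, one outside it
    for daemon in ("in.telnetd", "in.ftpd", "in.fingerd"):
        for addr in ("10.1.2.3", "192.0.2.7"):
            ok = access_granted(HOSTS_ALLOW, HOSTS_DENY, daemon, addr)
            print(f"{daemon:11} from {addr:10} -> {'grant' if ok else 'deny'}")
```
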

 
 
 

1. Delay on initial access server ftp, http and telnet, etc - NOT usual reverse dns problem

I'm going to be a bit wordy here, because this is truly weird.

My understanding is that if there is no reverse DNS lookup for
something, and reverse dns lookups are on for a server in general,
there's a big delay while things time out.

If that's the case (there's no DNS entry for the client, as might be
the case on a LAN) then you whack the client into the hosts file, and
make sure that the search order is "hosts, then dns" so that it's
found there and things proceed apace, thusly, without DNS ever being
consulted:

XXX.XXX.XXX.XXX    domain.sfx yadda

I've got a situation where I've got a host elsewhere on our ISP's DSL
network, not on our LAN (it was on our LAN, but it's been moved...
worked great on our lan with nothing but the appropriate hosts
entries). In the server machine's etc/hosts file, is our WAN IP, in
the form shown above. Likewise, on my machine, I've got that server's
IP and domain name in my local hosts file (win98). I can see the
lookup of the remote server happen instantly - explorer reports it is
attempting to connect to the right IP, there's no delay. The delay
appears to be at the other end.

The search order on the remote server machine is hosts, then dns.

Yet, when I try to get to it, there is a huge delay initially, such
that telnet and ftp will time out, but a couple of attempts with http
to the root domain will, eventually, get the web index page. Once
that's done, telnet and ftp run fine, as does http. Fast connections,
no timeouts. If you leave them alone for a while, no activity on any
service, the delay returns, as if there's something being cached
somewhere on the server that lets the incoming machine (me) access
stuff, then being expired. As far as I know, there's no local DNS
running on the machine - it uses our ISP's dns. There is a hardware
firewall in a router between the remote server and the WAN, but it is
set to pass all the appropriate ports, and it knows about the ISP's
DNS as well.

Now, I should add that I'm hitting this machine from a win98 system,
but as I understand it, it all works the same (it certainly seemed to
work fine when we had the machine on our LAN!)

Also, the machine I'm on does have a "real" dns entry out on the WAN,
maintained by our ISP - I only put us in the hosts file on the remote
server because the delay was driving me up a wall, and I thought the
DNS lookup was just slow - that wasn't it, though, because it's STILL
piggy as heck.

Running Red Hat 6 for the server.

Anyone? Any ideas? I'm getting a headache... :(

Walt
Software Engineer
Black Belt Systems
http://www.blackbeltsystems.com/
