Disabling root access via Ftp??

[damainman]

I'm using pureftp and last night someone was trying to access root via ftp, but was unsuccessful. I was told that pureftp doesn't have anything by default that would prevent someone logging in to root.

So i'm curious.. is this true or not?

[cortices]

Add root to /etc/ftpusers.

Any user listed in this file will not be able to FTP to your server. This is a standard which all FTP servers conform to.

[roax66]

On the contrary I would like to access my server (which is using Pureftp) by logging in as root and also to be able to view the complete directory tree. From beginning on my server it is neither possible to log in as root nor to view the complete directory tree.

[cortices]

On the contrary? If you are not able to login as root, then root is probably already in /etc/ftpusers. A few distributions follow this by default, as do some datacenters.

Of course, this is as it should be. There is absolutely no excuse for logging into FTP or any other service for that matter with root. FTP is especially bad because it transmits passwords in clear text.

[webolocity]

If you want a good program which uses SSH and allows for both view of trees (such as in FTP), as well as switching to shell, try this one.

http://www.ssh.com/

It is not free. but it works well, and utilizes SSH instead of in-secure FTP.

Hope this helps.

[joako]

What do you do when you have to login as another user first and then SU as root? I cant seem to find an SU option in the program (I've been using it for quite a while..)

[roax66]

No, root is not in my /etc/ftpusers. I get a Authentication failed in my WS_ftp.

[webolocity]

--------------------------------------------------------------------
Re: "What do you do when you have to login as another user first and then SU as root? I cant seem to find an SU option in the program (I've been using it for quite a while..)"
-------------------------------------------------------------------

We use it to login as root since it uses SSH, and we give no other accounts shell access.

What I would try is to sign on as the user via the ftp part, and than connect to the shell part using the toggle at the top, su as root, than use the toggle again to go back to the FTP part, and see if it than has you as root.

I would close out the FTP part, after you have gone to shell, so that it would need to be re-opened when you use the link to get back to that part of the program (after you have used su to root in shell).

Usually, when you use the icon, after signing into shell you are not required to log in again, so maybe it would not require a re-login to the FTP portion as well.

Hope that works for you.

[touma]

http://winscp.net

[jamesbond]

I recently switched to Pureftpd, but the /etc/ftpusers file doesn't seem to have any effect with Pureftpd

When I try to log in with a username listed in /etc/ftpusers I get this message :

331 User test OK. Password required

Can someone verify this?

Other things I noticed:

- pureftpd doesn't log failed attempts to /var/log/secure (proftpd does)
- the shell command 'last' doesn't show any users who logged in with ftp