Disabling root access via Ftp??

damainman

Well-Known Member
Nov 13, 2003
515
0
166
I'm using pureftp and last night someone was trying to access root via ftp, but was unsuccessful. I was told that pureftp doesn't have anything by default that would prevent someone logging in to root.

So i'm curious.. is this true or not?
 

cortices

Well-Known Member
Mar 10, 2003
45
0
156
Dallas, TX
Add root to /etc/ftpusers.

Any user listed in this file will not be able to FTP to your server. This is a standard which all FTP servers conform to.
 

roax66

Well-Known Member
Jan 21, 2004
56
0
156
On the contrary

On the contrary I would like to access my server (which is using Pureftp) by logging in as root and also to be able to view the complete directory tree. From beginning on my server it is neither possible to log in as root nor to view the complete directory tree.
 

cortices

Well-Known Member
Mar 10, 2003
45
0
156
Dallas, TX
On the contrary? If you are not able to login as root, then root is probably already in /etc/ftpusers. A few distributions follow this by default, as do some datacenters.

Of course, this is as it should be. There is absolutely no excuse for logging into FTP or any other service for that matter with root. FTP is especially bad because it transmits passwords in clear text.
 

webolocity

Well-Known Member
Jul 22, 2003
78
0
156
SSH Program

If you want a good program which uses SSH and allows for both view of trees (such as in FTP), as well as switching to shell, try this one.

http://www.ssh.com/

It is not free. but it works well, and utilizes SSH instead of in-secure FTP.

Hope this helps.
 

joako

Well-Known Member
Aug 7, 2003
112
2
168
cPanel Access Level
DataCenter Provider
What do you do when you have to login as another user first and then SU as root? I cant seem to find an SU option in the program (I've been using it for quite a while..)
 

roax66

Well-Known Member
Jan 21, 2004
56
0
156
No, root is not in my /etc/ftpusers. I get a Authentication failed in my WS_ftp.
 

webolocity

Well-Known Member
Jul 22, 2003
78
0
156
Re: ssh.com program

--------------------------------------------------------------------
Re: "What do you do when you have to login as another user first and then SU as root? I cant seem to find an SU option in the program (I've been using it for quite a while..)"
-------------------------------------------------------------------

We use it to login as root since it uses SSH, and we give no other accounts shell access.

What I would try is to sign on as the user via the ftp part, and than connect to the shell part using the toggle at the top, su as root, than use the toggle again to go back to the FTP part, and see if it than has you as root.

I would close out the FTP part, after you have gone to shell, so that it would need to be re-opened when you use the link to get back to that part of the program (after you have used su to root in shell).

Usually, when you use the icon, after signing into shell you are not required to log in again, so maybe it would not require a re-login to the FTP portion as well.

Hope that works for you.
 
Last edited:

jamesbond

Well-Known Member
Oct 9, 2002
737
1
168
I recently switched to Pureftpd, but the /etc/ftpusers file doesn't seem to have any effect with Pureftpd

When I try to log in with a username listed in /etc/ftpusers I get this message :

331 User test OK. Password required

Can someone verify this?

Other things I noticed:

- pureftpd doesn't log failed attempts to /var/log/secure (proftpd does)
- the shell command 'last' doesn't show any users who logged in with ftp
 
Last edited: