linux
Denis Sechin, 2017-03-16 11:27:13

How to prevent ftp user from ssh into server?

There is an Ubuntu 16 server with vsftpd and ssh on it. I created two users: media, to log in via ssh, and ftp, to log in via ftp. But the problem is that I can also log in over ssh as the ftp user. How to prevent the ftp user from logging in over ssh? /dev/null in /etc/passwd doesn't help, i.e. it closes both ssh and ftp.


media:x:1000:1000:media,,,:/home/media:/bin/bash
sshd:x:121:65534::/var/run/sshd:/usr/sbin/nologin
ftp:x:1001:1001:,,,:/home/ftp:/dev/null


3 answer(s)
pfg21, 2017-03-16
@tamogavk

In /etc/ssh/sshd_config add DenyUsers or DenyGroups.
Excerpt from man sshd_config:
DenyUsers
This keyword can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

Ruslan Fedoseev, 2017-03-16
@martin74ua

usermod -s /sbin/nologin ftp
usermod -s /bin/date ftp
The idea is to give a shell that does nothing ;)

Alexander Chernykh, 2017-03-16
@sashkets

I'll add 5 cents too.
Create virtual ftp users (proftpd+mysql), and as for the system accounts, either delete those currently used for ftp or give them a nologin shell.
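
An added example, not part of any answer above: a Python audit that combines the two mechanisms the answers propose, the login shell in /etc/passwd and the DenyUsers/AllowUsers lists in sshd_config, and lists the accounts that can still get an SSH shell. The sample data is constructed (the ftp account is assumed to keep /bin/bash so that FTP logins work); the host part of USER@HOST patterns and Match blocks are not evaluated.

```python
import re

# Constructed sample: passwd lines modelled on the question (ftp is assumed to
# keep /bin/bash so FTP logins work) and an sshd_config fragment with DenyUsers.
PASSWD = """media:x:1000:1000:media,,,:/home/media:/bin/bash
sshd:x:121:65534::/var/run/sshd:/usr/sbin/nologin
ftp:x:1001:1001:,,,:/home/ftp:/bin/bash
"""
SSHD_CONFIG = "PermitRootLogin no\nDenyUsers ftp\n"
# Shells that give no interactive session (assumed list; extend as needed).
NO_SESSION_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/dev/null"}

def user_lists(config_text):
    """Collect DenyUsers/AllowUsers patterns; repeated lines accumulate."""
    lists = {"denyusers": [], "allowusers": []}
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() in lists:
            lists[words[0].lower()] += words[1:]
    return lists

def matches(user, patterns):
    """Match the USER part of each pattern: '*' and '?' wildcards, '!' negates."""
    hit = False
    for pat in patterns:
        name = pat.lstrip("!").split("@", 1)[0]  # host part is not evaluated
        rx = re.escape(name).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, user):
            if pat.startswith("!"):
                return False  # a negated match rejects the whole list
            hit = True
    return hit

def ssh_shell_users(passwd_text, config_text):
    """Accounts that can still get an interactive SSH shell."""
    lists, result = user_lists(config_text), []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        user, shell = fields[0], fields[6] or "/bin/sh"  # empty field means /bin/sh
        if shell in NO_SESSION_SHELLS or matches(user, lists["denyusers"]):
            continue
        if lists["allowusers"] and not matches(user, lists["allowusers"]):
            continue
        result.append(user)
    return result

print(ssh_shell_users(PASSWD, SSHD_CONFIG))
```

A nologin shell only ends the session after sshd has already authenticated the account, whereas DenyUsers refuses the login in sshd itself. The effective server settings can be confirmed with `sshd -T`.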
