On Wed, Jan 24, 2001 at 11:01:04AM +0100, Francesco Tapparo wrote: > Some user of a system I administer want to ftp in my system. The problem is > that with ftp all the passowrd are in clear and I fear someone can sniff the > and use them to ssh in my system. > the majority of the windows users don't have ssh (at least a good ssh) so > the hint "use ssh" is not practicable for me. > What is the best way to configure the ftp server to minimize the sniffing > risks?
set it to chroot the user into thier home directory, set the home directory itself readonly to the user (owned by root, readable by user), make sure they cannot add/alter any ~/.dotfiles. and make sure the account cannot be logged into interactivly. such as by setting the shell to /bin/false or /usr/local/sbin/nologin (a small OpenBSD program that prints `go away' and exits). make sure you run a secure ftpd, such as the OpenBSD ftpd and not wu-ftpd or proftpd. preferably the user should not be able to write to the ftp space at all. you can also use pam to deny these users access to any service except ftp. create a file /etc/ftplusers and add the usernames to it, then add this line to all /etc/pam.d files except ftp: auth required pam_listfile.so item=user sense=deny file=/etc/ftplusers onerr=succeed this way when the ftplusers password is sniffed the attacker will only be able to login to a chrooted ftp directory. you should probably set disk quotas for the ftp users as well. force the users to use GOOD passwords as well. (perhaps set thier shell to /usr/bin/passwd and allow ssh (i suppose telnet since win* users refuse to be secure) access so they can change the password.) make them change thier password once a week until they start using secure protocols such as ssh. -- Ethan Benson http://www.alaska.net/~erbenson/
pgp33g7Cce55g.pgp
Description: PGP signature
