root ftp account ?

Hi everybody,
I was wondering how to create a root/master ftp account where the home directory would be / or /root ?

Not sure, but you should consider the security risk in doing that. Especially if you are using regular (non-secure) FTP for sending the username/password in plain text.

yeah i know it’s not very good but i currently have bigger problems and i need this ftp access hoping i can solve my problems!

One idea might be to just install another FTP server independant of the Iworx ProFTPD and just have it run on another port.

There might be an easier way, but this might be better because once you fix your problems you could just take down this FTP without ever affecting the Iworx one.

Unless you or your host have disabled it the root user should be able to login via SFTP.

I would STRONGLY arecommend against using regular FTP.

Tim

yes, sftp is working, i didn’t know it!
Thank you for your help :slight_smile:

SFTP is installed on an Iworx server by default?

I have added SSL to ProFTPD and it works with certain FTP clients, but does not work with SFTP in DreamWeaver. Is the SFTP just the SSH on port 22?

Thanks for the info

Cool, it works.

Downside is you have to give a user access to SSH because it uses their Linux username and not the Iworx FTP name.

Does anyone know a way to use a dummy shell to not allow SSH but at the same time let SFTP?

Thanks!

[EDIT 1:10PM]
Doing some research (aka google) I found that for SSH2 there is a “ssh-dummy-shell”. The free open SSH version on the Iworx server doesn’t have this, but then I found that ssh-dummy-shell just executes “sftp-server”. Doing a find I was able to locate this sftp-server and made that the default login and this allows SFTP to work but will not allow SSH shell logins

Although this is based on the linux user, I doubt that this would be included in the user’s bandwidth (which is now counted when using ProFTPD).

Yes, It’s installed by default.

As for giving access to ssh, you should be able to disable ssh access with the usermod command usermod -s /etc/dev/nul or something like that.

If you make the login shell /etc/dev/nul it makes it so you can’t SSH in, but also disables the SFTP. Also, the /sbin/nologin will disable SFTP access.

What I posted in my “EDIT” above works… setting the shell to “/usr/libexec/openssh/sftp-server”

I tried, very UNsucessfully to get SSL working with ProFTPD a few months ago. How did you manage to get it working? =)

I guess this a cool alternative, and i’ll have to check it out. But i went through even this forum, and I believe it was your thread about adding SSL, but it never worked out AT ALL.

If you could shed some light on it, that would be great =)

I’ll give it a try :smiley:

First on the ProFTPD secure version uses TLS. I followed Chris from Iworx instructions (Thanks again Chris!) and that got it working. I am on a RH9 box, so you would need to change stuff around a little to fit you setup.

Here is the thread with the directions:
http://interworx.info/forums/showthread.php?t=317

You will need to read to almost the bottom b/c there is some stuff you have to add to the ProFTPD config file after installing the Mod_TLS.

Now the Secure ProFTPD is different from SFTP. I have not really looked into what is technically different. I have only been able to use ProFTPD securely with SmartFTP.

The only other program I tried using was DreamWeaver (which has a SFTP client built in). I couldn’t get it to connect right using ProFTPD which I’m now thinking becasue I have SecureProFTPD setup on port 21 (same as non-secure). I don’t think you can change the port number for SFTP on DreamWeaver.

I guess the only way to find out would be to turn off SSH and let SecureProFTPD run on port 22 and then try to connect with DreamWeaver. SFTP (SSH one on port 22) does work when I use the Linux username and password for an account.

And as I showed above I was able to give this access without giving shell access, but this still does let people peek around the server files, so that isn’t really the best solutions (I have only enabled SFTP on accounts I manage and still disabled SSH access).

What I would really like would be a default Iworx secure FTP environment. I think the time of regular FTP is fading.

More info on SFTP (ssh) vs FTPS (mod_tls)

I found this page on google (It’s translated, but you can still get the idea.).
http://translate.google.com/translate?hl=en&sl=de&u=http://www.pro-linux.de/t_netzwerk/burn-ftp-burn.html&prev=/search%3Fq%3DProftpd%2Bmod_tls%2Bvs%2BSFTP%26hl%3Den%26lr%3D%26client%3Dfirefox-a%26rls%3Dorg.mozilla:en-US:official%26sa%3DG

It basically talks about the differences between SFTP and FTPS.

So basically I am assuming now that dreamweaver is a SFTP client only and that’s why it won’t connect to ProFTPD as a FTPS.

I think I will post a feature request for ProFTPD to be default to FTPS server. The way I have it, it works great. Just port 21 and it accepts non secure and secure connections.

Justec, as always, i can’t thank you enough for taking the time to post and try to help me through an issue. You’re not even a Moderator, but you are so so helpful - equally on the Sago forums.

I’m going to give that all a try later on. The great thing is, my server is on Redhat 9 also. That other thread you posted a link for is the one I tried to follow step by step - but that was in my early early Linux days where I knew a lot less than i do now =)

Thanks again for taking the time.