[ubuntu] HELP! Big vsftpd security failure!


artheus
May 8th, 2009, 02:34 AM
Hi!

I've got a major problem now!

I've created some users for my vsftpd and they work fine.
And for security reasons I've set chroot_local_users=YES, so they can't browse the whole server. And it worked.

BUT! Now I've found that if I/they connect through port 22 instead of 21 they get access to the whole server! Why!?
What can I do to prevent this!??

/Artheus

drave
May 8th, 2009, 09:08 AM
Hi!

I've got a major problem now!

I've created some users for my vsftpd and they work fine.
And for security reasons I've set chroot_local_users=YES, so they can't browse the whole server. And it worked.

BUT! Now I've found that if I/they connect through port 22 instead of 21 they get access to the whole server! Why!?
What can I do to prevent this!??

/Artheus


22 is the port for ssh; the sshd daemon uses it.
Shut down sshd if you don't want it.

gombadi
May 8th, 2009, 05:59 PM
BUT! Now I've found that if I/they connect through port 22 instead of 21 they get access to the whole server! Why!?
What can I do to prevent this!??


If you want to use ssh to manage the system but want to restrict which users can log in using ssh, then you can use either of the following in /etc/ssh/sshd_config -


AllowUsers alloweduser secondalloweduser
DenyUsers notalloweduser secondnotalloweduser
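
Added example, not part of the original thread: a small Python check of how sshd evaluates AllowUsers and DenyUsers, useful for confirming that FTP-only accounts are shut out of port 22 before reloading sshd. It assumes plain user-name patterns (no USER@HOST forms, no Match blocks, no group directives); the config excerpts and the account name "ftponly" are constructed.

```python
import re

# Constructed sshd_config excerpt using the placeholder names from the thread.
SAMPLE_CONFIG = """\
Port 22
AllowUsers alloweduser secondalloweduser
DenyUsers notalloweduser
"""

# Names joined with a comma form ONE pattern, so no real account matches it.
COMMA_CONFIG = "AllowUsers alloweduser,secondalloweduser\n"


def _pattern_to_regex(pattern):
    """sshd user patterns support only '*' and '?' as wildcards."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(escaped + r"\Z")


def parse_user_lists(config_text):
    """Collect AllowUsers/DenyUsers patterns from the global section."""
    lists = {"allowusers": [], "denyusers": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword = parts[0].lower()      # sshd keywords are case-insensitive
        if keyword == "match":          # assumption: Match blocks are ignored
            break
        if keyword in lists:
            lists[keyword].extend(parts[1:])   # names are space-separated
    return lists


def ssh_login_permitted(user, config_text):
    """DenyUsers is checked first; if AllowUsers is set, it is a whitelist."""
    lists = parse_user_lists(config_text)

    def matches(patterns):
        return any(_pattern_to_regex(p).match(user) for p in patterns)

    if matches(lists["denyusers"]):
        return False
    if lists["allowusers"] and not matches(lists["allowusers"]):
        return False
    return True


if __name__ == "__main__":
    for name in ("alloweduser", "notalloweduser", "ftponly"):
        print(name, ssh_login_permitted(name, SAMPLE_CONFIG))
```

With no AllowUsers line at all, every account that is not denied may log in over ssh, which is the situation described in the first post.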