Koozali.org: home of the SME Server

FTP/Telnet Access

Troy

FTP/Telnet Access
« on: October 07, 1999, 03:12:11 AM »
First of all let me start out by saying that the E-Smith Server/Gateway is a great product! It has saved me a ton of time and headaches.

I have a couple of questions regarding outside FTP and Telnet access.

1. Allowing "root" to telnet from the outside scares me.... is there a way I can turn that feature off? I like allowing other users to telnet in... but not root.

2. After creating a user I cannot FTP in from CuteFTP (from the outside world).... even if logging in as root or admin. Is there something that I'm missing? If I FTP as anonymous.... it accepts the connection.

Which files should I edit to change this?

Thanks in advance!!

Joseph Morrison

RE: FTP/Telnet Access
« Reply #1 on: October 07, 1999, 07:34:24 PM »
Hello Troy,

> First of all let me start out by saying that the E-Smith
> Server/Gateway is a great product! It has saved me a ton of
> time and headaches.

Thank you!! Encouraging comments always appreciated :-)

> 1. Allowing "root" to telnet from the outside scares
> me.... is there a way I can turn that feature off? I like
> allowing other users to telnet in... but not root.

As shipped, your only options are to allow root telnet access (locally or globally) or to disable telnet access completely (highly recommended). Since the e-smith system is intended as a network appliance, we discourage allowing individual users to telnet in, since allowing users to run arbitrary programs reduces reliability. (The root telnet access is intended for use only for emergencies.)

If you are really set on allowing users to telnet in, you should do the following:

1. Modify the file /etc/e-smith/events/actions/conf-security

There is a line in which it checks the TelnetServerMode, and if it's not equal to "public" or "private", it creates the /etc/securetty file. You should change the code so that it always creates the /etc/securetty file. This will permanently disable root access via telnet.

2. Then for each user that you want to enable login, edit the /etc/passwd file and change their shell from "/bin/sshell" to "/bin/bash".

3. Finally, from the e-smith manager enable telnet access.

> 2. After creating a user I cannot FTP in from CuteFTP (from the
> outside world).... even if logging in as root or admin. Is there
> something that I'm missing? If I FTP as anonymous.... it
> accepts the connection.

Yes, the e-smith box is configured by default to allow access only to the anonymous area and ibays from the outside world. The reason is that individual user accounts have ftp write access, but for security reasons, write access is allowed only from the internal network. Therefore it follows that individual ftp logins can only work on the internal network.

You can change these policies by altering the /etc/e-smith/templates/etc/proftpd.conf file.

Hope this helps!
- Joe
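
An added example, not part of the reply above and not e-smith code: a small audit of the two files the telnet steps change, reporting whether root can still log in on a telnet pseudo-terminal and which accounts have a login shell. It assumes standard securetty semantics (a missing file means no restriction on root); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not e-smith code): audit the files the steps above change.
# Assumption: standard securetty semantics -- root may log in only on the
# terminals listed in the file; if the file is missing, any terminal is allowed.

# Exit 0 if root could log in on a telnet pseudo-terminal, 1 if blocked.
root_pty_login_allowed() {
    [ -f "$1" ] || return 0                      # no file: no restriction
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
        LC_ALL=C grep -Eq '^(pts/[0-9]+|tty[p-za-e][0-9a-f])$'
}

# Print "user:shell" for every account whose shell permits an interactive login.
# /bin/sshell is the restricted default named in the reply.
shell_login_users() {
    awk -F: '
        /^#/ || NF < 7 { next }
        { sh = ($7 == "") ? "/bin/sh" : $7 }     # empty field means /bin/sh
        sh != "/bin/sshell" && sh != "/bin/false" && sh != "/sbin/nologin" {
            print $1 ":" sh
        }' "$1"
}

audit() {   # usage: audit SECURETTY_FILE PASSWD_FILE
    if root_pty_login_allowed "$1"; then
        echo "WARN: root telnet login possible ($1 missing or lists a pty)"
    else
        echo "OK: root blocked on pseudo-terminals"
    fi
    echo "Accounts with a login shell:"
    shell_login_users "$2" | sed 's/^/  /'
}

# Constructed sample files so the example runs without touching /etc.
demo=$(mktemp -d)
printf 'tty1\ntty2\n' > "$demo/securetty"
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:500:500::/home/admin:/bin/sshell
troy:x:501:501::/home/troy:/bin/bash
EOF
audit "$demo/securetty" "$demo/passwd"
```

On a real system, call `audit /etc/securetty /etc/passwd`; the account list does not check whether a password is locked.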

Troy

RE: FTP/Telnet Access
« Reply #2 on: October 08, 1999, 11:52:46 PM »
Thanks for your timely response!!