From: Geert Hendrickx
To: Noah
cc: freebsd-questions@freebsd.org
Date: Thu, 3 Jun 2004 10:21:54 +0200
Subject: Re: pure-ftpd with SFTP and PureDB Authentication (fwd)

On Wed, Jun 02, 2004 at 01:42:57PM -0800, Noah wrote:
> On Sun, 30 May 2004 01:25:28 +0200, Geert Hendrickx wrote
> > On Sat, May 29, 2004 at 01:40:06PM -0800, Noah wrote:
> > >
> > > FreeBSD 4.9-STABLE
> > > pure-ftpd version 1.0.18
> > >
> > > I am unable to login via SFTP using accounts that exist in the PureDB.
> > > The password is denied according to the client and there are no log
> > > messages collected in the server's log files.
> > >
> > > When I set the server's TLS option to disable SSL/TLS encryption layer
> > > ( TLS 0 ) - I am able to log in with clear text passwords to accounts
> > > located in the PureDB.
> > >
> > > I have PureDB authentication method uncommented in the pure-ftpd.conf
> > > configuration file - attached below.
> > >
> > > so what am I doing wrong. how can I have SSL/TLS forced logins and allow
> > > those with PureDB accounts to get authenticated please?
> > >
> > > cheers,
> > >
> > > noah
> >
> > sftp connects to sshd, not ftpd. So use ssh-login/pw for encrypted
> > logins and sessions.
> >
>
> Okay thanks for letting me know. I am trying to allow only secure FTP logins
> but don't want general accounts for each user. it would be nice to have
> accounts that only have FTP access and access to specific directories. can
> you suggest a way that I can do this while still only allowing SFTP connections?
>
> cheers,
>
> Noah
>
> > GH

SFTP is for giving secure-ftp-access to users who also have
secure-shell-access (SSH), so I don't think it's appropriate for your
case. FTP-logins can be totally separated from shell-logins (with a
separate passwords-database or even virtual users on some ftp-servers),
so I think you better go on with your FTP-configuration, but then use an
SSL-aware FTP-client to make secured connections to your server, not SFTP.

GH
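
The distinction drawn in this reply, as an added example that is not part of the original message: a small Python check that reads a port's greeting to tell sshd (which serves SFTP) from an FTP daemon, then asks the FTP daemon for `AUTH TLS` (RFC 4217), the command an SSL-aware FTP client sends before logging in. All function names and the sample conversations are constructed for illustration.

```python
import io
import socket

def read_reply(reader, first=None):
    """Read one FTP reply (RFC 959); multi-line replies run from 'NNN-' to 'NNN '."""
    raw = first if first is not None else reader.readline()
    line = raw.decode("ascii", "replace").rstrip("\r\n")
    code = line[:3]
    if line[3:4] == "-":
        while raw and not line.startswith(code + " "):
            raw = reader.readline()
            line = raw.decode("ascii", "replace").rstrip("\r\n")
    return code, line

def probe(reader, writer):
    """Classify the service behind a connection from its greeting."""
    first = reader.readline()
    if first.startswith(b"SSH-"):  # RFC 4253 identification string: sshd, so SFTP
        return {"service": "ssh", "auth_tls": False,
                "detail": first.decode("ascii", "replace").strip()}
    code, text = read_reply(reader, first)
    if code != "220":
        return {"service": "unknown", "auth_tls": False, "detail": text}
    writer.write(b"AUTH TLS\r\n")  # RFC 4217: a 234 reply means TLS negotiation may start
    writer.flush()
    code, text = read_reply(reader)
    return {"service": "ftp", "auth_tls": code == "234", "detail": text}

def probe_host(host, port, timeout=5.0):
    """Run probe() against a live port on a server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as reader, sock.makefile("wb") as writer:
            return probe(reader, writer)

# Constructed sample conversations (server side only), not captured from a real host.
SSHD = b"SSH-2.0-OpenSSH_3.8\r\n"
FTPD_TLS = b"220-Welcome (constructed banner)\r\n220 Ready.\r\n234 AUTH TLS OK.\r\n"
FTPD_PLAIN = b"220 Ready.\r\n500 Unknown command.\r\n"

def demo(sample):
    """Replay a constructed conversation; return the result and what the client sent."""
    sent = io.BytesIO()
    return probe(io.BytesIO(sample), sent), sent.getvalue()

if __name__ == "__main__":
    for name, sample in (("sshd", SSHD), ("ftpd+TLS", FTPD_TLS), ("ftpd", FTPD_PLAIN)):
        print(name, demo(sample))
```

A port that answers with an `SSH-` line takes system (shell) accounts through sshd and never consults the FTP daemon's user database; only a port that greets with `220` and answers `AUTH TLS` with `234` offers encrypted logins for FTP-only accounts.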