[Gllug] Some network queries
Jim Bailey
jim at lateral.net
Mon Oct 15 12:17:57 UTC 2001
On Monday, October 15, 2001, at 09:56 AM, tet at accucard.com wrote:
>
>> Yes, always have a non-root user for remote connections via SSH; you should
>> not connect remotely to a machine as root.
>
> True, but it doesn't have to be a local user (which is what the original
> question asked).
>
>> Also, unless there is a very good reason for the users to have a shell
>> account on the server, change their shell to /bin/true, which will
>> allow them ftp-only accounts.
>
> If you've set up your box for SSH, why leave FTP enabled? Kind of
> defeats the point somewhat.
You are right, but most of our users and clients need and have ftp to
upload files. Yes, I know SSH is better, but it doesn't have any graphical
clients for Mac, and our designers and clients are not command-line
competent. One day someone, maybe ourselves, will write a graphical Mac
SSH client.

We use a chrooted ftp server and use SSH for production servers and admin,
i.e. only Tech can update a production server. Not the most secure solution,
I know, but even if we trained our own staff we would still have clients
insisting we rewrite the laws of computing for their convenience. The
best we can do is give them what they want, get them to sign a disclaimer
and hopefully understand the danger of their actions, and then work in the
background to minimise the damage. :-|

If you don't want your clients to have even ftp access, change to
/bin/false in /etc/passwd. I also answered the question before my first
coffee. :)

Peace Jim
Eugene Polzik and his co-workers at the University of Aarhus in Denmark
have entangled about a million million caesium atoms. Four was the
previous record.
--http://www.nature.com/nsu/010927/010927-11.html
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
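
The /bin/true and /bin/false shell settings discussed in this thread can be audited with a short script. This is an added example, not part of the original messages: it assumes the FTP daemon refuses any account whose shell is not listed in /etc/shells (the traditional ftpd behaviour), and the sample passwd and shells data, the category names and the function names are constructed for illustration.

```python
# Constructed sample data (not from the original thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
designer:x:501:501:Designer:/home/designer:/bin/true
client:x:502:502:Former client:/home/client:/bin/false
dev:x:504:504:Developer:/home/dev:/bin/zsh
broken:x:503:503
"""
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/bin/true
"""

# Shells that exit immediately and never give a command prompt.
NON_INTERACTIVE = {"/bin/true", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def parse_shells(text):
    """Return the set of shells listed in /etc/shells-style text."""
    lines = (line.strip() for line in text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}


def classify(passwd_text, shells_text):
    """Map each user name to the kind of access its login shell allows."""
    allowed = parse_shells(shells_text)
    result = {}
    for line in filter(str.strip, passwd_text.splitlines()):
        fields = line.strip().split(":")
        if len(fields) != 7:
            result[fields[0]] = "malformed"  # passwd entries have 7 fields
            continue
        shell = fields[6] or "/bin/sh"  # an empty shell field means /bin/sh
        interactive = shell not in NON_INTERACTIVE
        ftp_ok = shell in allowed  # assumption: ftpd checks /etc/shells
        if interactive and ftp_ok:
            kind = "shell+ftp"
        elif interactive:
            kind = "shell-only"  # prompt works, FTP login refused
        elif ftp_ok:
            kind = "ftp-only"    # e.g. /bin/true listed in /etc/shells
        else:
            kind = "no-access"   # e.g. /bin/false, not listed
        result[fields[0]] = kind
    return result
```

Note that /bin/true only yields an ftp-only account here because it appears in the shells list; the same account with /bin/true removed from that list is classified as no-access.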