[Gllug] Some network queries

Jim Bailey jim at lateral.net
Mon Oct 15 12:17:57 UTC 2001


On Monday, October 15, 2001, at 09:56 AM, tet at accucard.com wrote:

>
>> Yes, always have a non-root user for remote connections via SSH; you should
>> not connect remotely to a machine as root.
>
> True, but it doesn't have to be a local user (which is what the original
> question asked).
>
>> Also, unless there is a very good reason for the users to have a shell
>> account on the server, change their shell to /bin/true, which will
>> allow them ftp only accounts.
>
> If you've set up your box for SSH, why leave FTP enabled? Kind of
> defeats the point somewhat.

You are right, but most of our users and clients need and have ftp to
upload files. Yes, I know SSH is better, but it doesn't have any graphical
clients for Mac, and our designers and clients are not command line
competent. One day someone, maybe ourselves, will write a graphical Mac
SSH client.

We use a chrooted ftp server and use SSH for production servers and admin,
i.e. only Tech can update a production server. Not the most secure solution,
I know, but even if we trained our own staff we would still have clients
insisting we rewrite the laws of computing for their convenience. The
best we can do is give them what they want, get them to sign a disclaimer
and hopefully understand the danger of their actions, and then work in the
background to minimise the damage. :-|

If you don't want your clients not to have even ftp access, change to
/bin/false in /etc/passwd. I also answered the question before my first
coffee. :)

Peace Jim

Eugene Polzik and his co-workers at the University of Aarhus in Denmark 
have entangled about a million million caesium atoms. Four was the 
previous record.
--http://www.nature.com/nsu/010927/010927-11.html


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



