Webmin + vsftp module?

[Robor]

I got Webmin installed okay but when I tried installing the vsftp module (from here) it says, 'Failed to install module from http://www.webmin.com/download...rtualmin-vsftpd.wbm.gz : Module virtualmin-vsftpd does not support this operating system (Ubuntu Linux 7.04). I tried using the .wbm and .tz files and got the same results.

EDIT: I guess I should explain *why* I'm trying to do this. I've got vsftpd running on my Ubuntu 7.04 system and I want to secure it a bit. I want to allow my login free access to the system with an FTP client (WinSCP) and also allow restricted access to other users. I edited the vsftpd.conf file to enable the vstpd.chroot_list (option chroot_list_file=/etc/vsftpd.chroot_list). I created that file and put my login in it. I restarted the vsftpd service. I can log in securely from my login and the 'guest' login but I have free reign of the file system in both logins.

 

[kamper]

Sorry for not staying on topic, but I'm kinda curious why you're talking about ftp when you've already got an scp capable client.

 

[Robor]

Maybe I'm asking the wrong question...? I can connect to my Ubuntu system from my Windows system with WinSCP but regardless of the permissions I set in vsftpd.conf the user logging in has free reign of the file system. I want to lock certain users to just their home directory.

 

[kamper]

Are you sure you've got WinSCP doing ftp and not scp/sftp? Btw, my suggestion *is* to go with scp and you should look at scponly if you want to limit their access. Throw vsftpd right out.

 

[Robor]

Sorry, I should have said I was using sftp protocol. I can log in via ftp, sftp, or scp but sftp is what I was using. Regardless of which I use my 'guest' login - which I want to lock to its home directory - can still get to anywhere in the file system.

 

[Brazen]

Originally posted by: Robor
Sorry, I should have said I was using sftp protocol. I can log in via ftp, sftp, or scp but sftp is what I was using. Regardless of which I use my 'guest' login - which I want to lock to its home directory - can still get to anywhere in the file system.

vsftpd does not do sftp. It does ssl-ftp, which is different. Use scponly for sftp.

edit: also, I think there is a page on scponly at the Ubuntu wiki.

 

[kamper]

Originally posted by: Brazen
vsftpd does not do sftp. It does ssl-ftp, which is different. Use scponly for sftp.

Does scponly do sftp? I thought it did only scp plus a few ssh commands to allow WinSCP to do directory listings and such.

 

[kamper]

Oh, and Robor, Brazen is of course correct. When you use scp, ssh or sftp you are connecting to sshd (OpenSSH). You'll want to read up on sshd_config(5) but scponly is an add-on that isn't part of OpenSSH. Basically you install it and set users' shells to the scponly binary which then controls all of their logins from anywhere.

The only reason I could think of to ever use vsftpd is for anonymous (read: not needing encryption or passwords) download or possibly if you want to support users who are incapable of installing winscp and need to use Windows explorer for file transfers. But http is probably a better solution for the former case anyway.

 

[Robor]

Maybe I'm going about this all wrong? A friend of mine is using FileZilla under Windows to host a secure FTP server for friends/family. What I want to do is have similar access to my Ubuntu box at home. I'd like to have one login for me that has full access to the server and a few other logins for friends/family with limited access. Is scponly the best option for this?

 

[Nothinman]

There's no such thing as secure FTP.

If you can install something like WinSCP on all of their machines I'm sure they'll be fine with scp.

 

[Robor]

Originally posted by: Nothinman
There's no such thing as secure FTP.

If you can install something like WinSCP on all of their machines I'm sure they'll be fine with scp.

Sorry, I think he's using ssl with FileZilla.

 

[Nothinman]

Which isn't plain FTP, FTP+SSL is a non-standard thing that virtually no one supports. And according to their site it also supports SFTP, although I don't think that works with scponly so you wouldn't be able to restrict their accounts quite as much.

 

[Brazen]

Originally posted by: Nothinman
Which isn't plain FTP, FTP+SSL is a non-standard thing that virtually no one supports. And according to their site it also supports SFTP, although I don't think that works with scponly so you wouldn't be able to restrict their accounts quite as much.

According to who's site? Filezilla's? If they are, Filezilla is probably not using the correct acronym. Filezilla may be refering to ftp+ssh which is ftp tunneled through an ssh session (often mistakenly called Secure FTP), or SSL-FTP (also called FTPS or FTP/SSL), or worse yet it coulde be refering to Simple File Transfer Protocol which is as unsecured as it gets.

SFTP is actually an update of SCP and stands for Secure File Transfer Protocol, although it is often mistakenly called SSH File Transfer Protocol. SFTP support can be confusing because the acronym gets misused alot, often being used for the protocols I mention above, but I consider this to be the correct usage because there is actually an IETF draft defining SFTP as such: <a target=_blank class=ftalternatingbarlinklarge href="https://datatracker.ietf.or......-scp-sftp-ssh-uri/"><a target=_blank class=ftalternatingbarlinklarge href="https://datatracker.ietf.org/d...ecsh-scp-sftp-ssh-uri/"><a target=_blank class=ftalternatingbarlinklarge href="https://datatracker.ietf.org/drafts/draft-ietf-secsh-scp-sftp-ssh-uri/">https://datatracker.i............p-ssh-uri/</a></a></a>

 

[Nothinman]

Their site specifically says "Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)", even if SFTP does mean "secure" instead of "SSH" it's irrelevant because they've spelled out what they mean in each case.

 

[Robor]

So my best option is installing scponly on my Ubuntu box @ home and having remote access to it via WinSCP?

 

[Brazen]

Originally posted by: Robor

Originally posted by: Nothinman
There's no such thing as secure FTP.

If you can install something like WinSCP on all of their machines I'm sure they'll be fine with scp.

Sorry, I think he's using ssl with FileZilla.

Yeah, the NEW Filezilla client does supports SFTP, but last I knew the server only supported FTP and FTPS.

 

[Brazen]

Originally posted by: Nothinman
Their site specifically says "Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)", even if SFTP does mean "secure" instead of "SSH" it's irrelevant because they've spelled out what they mean in each case.

That's the client, not the server. If you were talking about the client, then I guess I misunderstood.

 

[Nothinman]

I know, I (perhaps wrongly) assumed he Robor was talking about the client when he said "Sorry, I think he's using ssl with FileZilla.".

Although I do find it pretty funny that they offer a client and server with differing protocol support.

 

[Brazen]

Originally posted by: Robor
So my best option is installing scponly on my Ubuntu box @ home and having remote access to it via WinSCP?

That is what I would do, except apparently you can use the new Filezilla client in place of WinSCP.

Originally posted by: Nothinman
I know, I (perhaps wrongly) assumed he Robor was talking about the client when he said "Sorry, I think he's using ssl with FileZilla.".

Although I do find it pretty funny that they offer a client and server with differing protocol support.

I'm pretty sure the previous major version of Filezilla client did not support SFTP and they just came out with this new version of the client, so maybe an upgrade with SFTP support is in the works for the Filezilla server also.... like maybe when the stupid thing comes out with a version 1.0. I already think it's way better than IIS's ftp, anyway.

 

[Robor]

Originally posted by: Nothinman
I know, I (perhaps wrongly) assumed he Robor was talking about the client when he said "Sorry, I think he's using ssl with FileZilla.".

Although I do find it pretty funny that they offer a client and server with differing protocol support.

He said he's using FileZilla server and clients.

 

[Nothinman]

Well that's irrelevant unless you're planning on supporting the same people and don't want to make them use WinSCP.