sftp password

From: Stan McCann (me_at_stanmccann.us)
Date: 06/23/05

    Date: 23 Jun 2005 13:42:25 -0700
    
    

    I manage a server that must provide outside access for all users. Due
    to being hacked a few times on a Solaris box, I have switched over to a
    Linux system which I understand security issues on somewhat better. As
    part of the switch, I also no longer allow telnet and ftp but depend on
    SSH.

    With this new setup, I've had difficulty allowing newly created users
    to access the system without a password, so I use a generic password that
    allows an initial login requiring the user to change it immediately.
    This works via the .bashrc calling another script. The second script
    deletes itself after a successful password change. It works well and
    thanks to "if", gives no errors when the second script no longer
    exists.

    This leaves one problem, however, with sftp. Since there is a valid
    password for the user account, a person can connect to the server using
    sftp without first changing the generic password. What I would like to
    do to solve this issue is disallow connection if the password has not
    been changed. Ideally, I could set a configuration parameter to not
    allow the particular password for sftp. Or, can I check for the
    existence of the secondary script and not allow access via sftp if it
    exists?

    -- 
    Stan McCann "Uncle Pirate" http://stanmccann.us/pirate.html
    Webmaster/Computer Center Manager, NMSU at Alamogordo
    http://alamo.nmsu.edu/  There are 10 kinds of people.
    Those that understand binary and those that don't.
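
One way to implement the check the post asks about, as an added example that is not part of the original post: a wrapper for sshd's `Subsystem sftp` entry that refuses sftp while the one-time password-change script still exists. The script name `.first_login.sh`, the install path `/usr/local/sbin/sftp-gate` and the `sftp-server` location are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): wrapper for sshd's sftp subsystem.
# Assumed names: the one-time password-change script is $HOME/.first_login.sh,
# and the real server binary is /usr/lib/openssh/sftp-server (varies by distro).
# Enable it in sshd_config with:  Subsystem sftp /usr/local/sbin/sftp-gate

MARKER_NAME="${MARKER_NAME:-.first_login.sh}"
SFTP_SERVER="${SFTP_SERVER:-/usr/lib/openssh/sftp-server}"

# Succeeds while the one-time script is still present, i.e. the generic
# password has not been changed yet. -L also catches a dangling symlink.
must_change_password() {
    [ -e "$1/$MARKER_NAME" ] || [ -L "$1/$MARKER_NAME" ]
}

# Prints "allow" or "deny" for the given home directory. Fails closed:
# an empty or missing home directory is denied rather than waved through.
gate_decision() {
    if [ -z "$1" ] || [ ! -d "$1" ]; then
        echo deny
    elif must_change_password "$1"; then
        echo deny
    else
        echo allow
    fi
}

gate_main() {
    if [ "$(gate_decision "$HOME")" = allow ]; then
        exec "$SFTP_SERVER"
    fi
    # Leave an audit trail so repeated attempts show up in the auth log.
    logger -p auth.notice -t sftp-gate \
        "sftp refused for ${LOGNAME:-unknown}: initial password not changed"
    echo "Log in with ssh and change your password before using sftp." >&2
    exit 1
}

# Act as the gate only when installed under the name sftp-gate, so the
# functions above can be sourced and tested without side effects.
case "${0##*/}" in
    sftp-gate) gate_main ;;
esac
```

This gates only the sftp subsystem; scp and `ssh host command` reach the account by other paths and need their own check. Because the marker is the user's own file, the gate is only as strong as the first-login script that removes it.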
    
