sftp password
From: Stan McCann (me_at_stanmccann.us)
Date: 06/23/05
Date: 23 Jun 2005 13:42:25 -0700
I manage a server that must provide outside access for all users. Due
to being hacked a few times on a Solaris box, I have switched over to a
Linux system which I understand security issues on somewhat better. As
part of the switch, I also no longer allow telnet and ftp but depend on
SSH.

With this new setup, I've had difficulty allowing newly created users
to access the system without a password so use a generic password that
allows an initial login requiring the user to change it immediately.
This works via the .bashrc calling another script. The second script
deletes itself after a successful password change. It works well and
thanks to "if", gives no errors when the second script no longer
exists.

This leaves one problem, however, with sftp. Since there is a valid
password for the user account, a person can connect to the server using
sftp without first changing the generic password. What I would like to
do to solve this issue is disallow connection if the password has not
been changed. Ideally, I could set a configuration parameter to not
allow the particular password for sftp. Or, can I check for the
existence of the secondary script and not allow access via sftp if it
exists?
--
Stan McCann "Uncle Pirate" http://stanmccann.us/pirate.html
Webmaster/Computer Center Manager, NMSU at Alamogordo
http://alamo.nmsu.edu/
There are 10 kinds of people. Those that understand binary and those that don't.
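
One way to do the check the post asks about, as an added example that is not part of the original message: a wrapper configured as the sftp subsystem in sshd_config that refuses to start sftp-server while the first-login script still exists. The script name `.change_password`, the wrapper path and the sftp-server path are assumptions; the post names none of them.

```shell
#!/bin/sh
# Added example, not from the original post.
# Install as e.g. /usr/local/sbin/sftp-gate (hypothetical path) and set in sshd_config:
#   Subsystem sftp /usr/local/sbin/sftp-gate
# sshd then runs this wrapper as the logged-in user for every sftp session.

# Assumed name of the self-deleting password-change script called from .bashrc.
MARKER_NAME=".change_password"
# Assumed sftp-server location; it differs between distributions.
SFTP_SERVER="/usr/libexec/openssh/sftp-server"

# sftp_allowed HOME_DIR
# Returns 0 when the first-login script is gone, 1 otherwise.
# Fails closed: an empty or missing home directory counts as "not allowed".
sftp_allowed() {
    home_dir=$1
    [ -n "$home_dir" ] || return 1
    [ -d "$home_dir" ] || return 1
    # -L also catches a dangling symlink left in place of the script.
    if [ -e "$home_dir/$MARKER_NAME" ] || [ -L "$home_dir/$MARKER_NAME" ]; then
        return 1
    fi
    return 0
}

# Only act as the subsystem when started by sshd, which sets SSH_CONNECTION
# in the session environment.
if [ -n "${SSH_CONNECTION:-}" ]; then
    if sftp_allowed "${HOME:-}"; then
        exec "$SFTP_SERVER" "$@"
    fi
    echo "sftp refused: log in with ssh and change the initial password first" >&2
    exit 1
fi
```

The check keys only off the marker file, so it is only as reliable as the login script that removes that file after a successful password change.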