From owner-freebsd-questions@FreeBSD.ORG Thu Jun 3 19:13:28 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 88CA716A4CE for ; Thu, 3 Jun 2004 19:13:28 -0700 (PDT) Received: from msr75.hinet.net (msr75.hinet.net [168.95.4.175]) by mx1.FreeBSD.org (Postfix) with ESMTP id D276843D1D for ; Thu, 3 Jun 2004 19:13:25 -0700 (PDT) (envelope-from y2kbug@ms25.hinet.net) Received: from sonic.utopia.com (61-227-219-49.dynamic.hinet.net [61.227.219.49]) by msr75.hinet.net (8.9.3/8.9.3) with SMTP id KAA04892 for ; Fri, 4 Jun 2004 10:13:21 +0800 (CST) Date: Fri, 4 Jun 2004 02:05:38 +0800 From: Robert Storey To: freebsd-questions@freebsd.org Message-Id: <20040604020538.16f2612e.y2kbug@ms25.hinet.net> In-Reply-To: <20040603162655.M64760@enabled.com> References: <20040529213942.M22256@enabled.com> <20040529232528.GA16140@lori.mine.nu> <20040602213746.M25352@enabled.com> <20040603082154.GA3099@lori.mine.nu> <20040603162655.M64760@enabled.com> X-Mailer: Sylpheed version 0.9.7 (GTK+ 1.2.10; i386-portbld-freebsd5.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: pure-ftpd with SFTP and PureDB Authentication (fwd) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2004 02:13:28 -0000 If your users want a GUI client and they run Linux or *BSD, then they can easily configure Gftp to use sftp rather than ftp. In this scenario, you don't need to run Pureftp on your server - sftp (which uses the sshd daemon) will do the whole job. In Gftp, you set this up by clicking FTP-Options-SSH, and on the line that says "SSH2 sftp-server path" type "/usr/libexec/sftp-server". This is the sftp-server path for FreeBSD, though note that if your users try to connect to another server that uses a different path (some Linux distros use /usr/lib/sftp-server) they'll have to change the path. Anyway, once this option is set, the only thing the user has to do is click on the "FTP" icon (upper right-hand side of Gftp screen) and select "SSH2" (as opposed to "FTP"). That's all. All of the above applies to Linux and *BSD, and maybe to OSX as well. But if your users are running Windows, I have no idea. It may be possible with some Windows ftp clients, but you'll have to research that on your own. Maybe I haven't really answered your question. best regards, Robert On Thu, 3 Jun 2004 08:26:55 -0800 "Noah" wrote: > > > > > SFTP is for giving secure-ftp-access to users who also have secure- > > shell-access (SSH), so I don't think it's appropriate for your case. > > FTP-logins can be totally separated from shell-logins (with a > > separate passwords-database or even virtual users on some ftp- > > servers), so I think you better go on with your FTP-configuration, > > but then use a SSL- aware FTP-client to make secured connections to > > your server, not SFTP. > > I dont completely understand here - how can I force people with FTP > accounts to log in securely? As in - how do I force SSL authenticated > logins but still allow authentication to the accounts in Pureftp DB > file? > > thanks in advance, > > - noah