SFTP root user access
My vsftpd.conf is as follows:
#
# User Level (anonymous vs. local):
anonymous_enable=NO
local_enable=YES
#
# FTP Access Rights:
local_umask=022
write_enable=YES
#
# Logging:
xferlog_enable=YES
xferlog_std_format=NO
vsftpd_log_file=/logs/vsftpd.log
#
# Connection Rules:
connect_from_port_20=YES
idle_session_timeout=600
data_connection_timeout=600
#
# FTP Settings:
nopriv_user=nobody
ls_recurse_enable=YES
force_dot_files=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/vsftpd.user_list
#
# SSL Settings:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
The PAM file has the following:
# Standard behaviour for ftpd(8).
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
# Note: vsftpd handles anonymous logins on its own. Do not enable
# pam_ftp.so.
# Standard blurb.
@include common-account
@include common-session
@include common-auth
auth required pam_shells.so
This looks correct, as it denies access to users in the /etc/vsftpd/ftpusers file, and I have removed root from that file.
The userlist_file above has both root and my safe 'ftpuser' account in it.
After removing root from ftpusers, I am still not able to log in (I get access denied). 'ftpuser' is still able to log in through sftp. Any ideas why root is still being denied?
Thanks,
Paul
2 Replies
Needed to change my sshd_config file to allow for root login.
Thanks!
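SFTP sessions are served by sshd rather than vsftpd, so the setting that decided the outcome in this thread is PermitRootLogin in sshd_config, not ftpusers or the vsftpd user list. The script below is an added example, not part of the original posts: it reads the global PermitRootLogin value from a config file and reports what sshd will accept for root. The function names, the sample file, and the fallback default (upstream OpenSSH's prohibit-password) are assumptions; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value in an sshd_config file.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Everything after the first "Match" line is conditional
# and is skipped here. "sshd -T" on the host remains the authoritative check.
root_login_setting() {
    awk '
        { sub(/#.*/, "") }                  # drop comments
        NF == 0 { next }                    # skip blank lines
        tolower($1) == "match" { exit }     # end of the global section
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        # Assumed default when unset: upstream OpenSSH (7.0 and later).
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# Translate the setting into what it means for a root SFTP login.
root_sftp_verdict() {
    case "$(root_login_setting "$1")" in
        yes) echo "root: password and key logins accepted" ;;
        prohibit-password|without-password) echo "root: key-based logins only" ;;
        forced-commands-only) echo "root: key logins with a forced command only" ;;
        no) echo "root: denied by sshd" ;;
        *) echo "root: unrecognised value" ;;
    esac
}

# Constructed sample config: a commented-out line plus an explicit "no",
# which rejects root over SFTP regardless of vsftpd's ftpusers or user list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
permitrootlogin no
Subsystem sftp /usr/lib/openssh/sftp-server
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
root_sftp_verdict "$sample"
rm -f "$sample"
```
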