Re: safest FTP and TELNET options?

[Joshua Jore <moomonk@aaieee.daisy-chan.org>]

Derek,
I had a different idea. I'm about to be in the same boat where I've got
users who are likely to require FTP services, maybe shell too. I'm
planning on creating one account for the user that allows FTP access to
the web directory. I'll disable that account from being able to login from
shell. *If* the user needs shell access then I absolutely will require a
SSH client like Putty (any ideas for Mac clients?). My assumption is that
certain content management packages will require the user to use FTP so
requiring SCP | SFTP won't work for that circumstance. Since there isn't
likely to be an installed base of software requiring telnet I can specify
which software to use.

In effect, one account with ONLY ftp login access can maintain the files.
Another account for the user to do everything else via SSH. I figure to
have ~10-20 real users so I'm not carrying a large user/admin overhead.

Are there reasons this won't work? (I plan to try it so feedback is
welcome)

Josh

On Mon, 2 Jul 2001, Derek Sivers wrote:

> Thanks for the replies, so far.
>
> But yes unfortunately I really do need to turn on regular old FTP and TELNET.
>
> We do web hosting for newbies, who are just using Dreamweaver or Netscape
> Composer to make their first web page - and just need the simple "upload"
> FTP button to work.
>
> Again - any advice from my OpenBSD buddies on how to do it safest on
> OpenBSD would be appreciated.
>
>
>
> >Ok - as much as I hate to - I *have* to turn on FTP and TELNET for a
> >virtual webhosting thing I'm doing for people who don't have SSH, SFTP or
> >RSYNC, etc...
> >
> >So . . . what's the safest FTP and telnet ports on OpenBSD these days?
> >Or - for anyone else doing web hosting on OpenBSD - what's your approach?
> >
> >Any advice or URLs appreciated.