Hi, I just realized that there is a security risk with Jailkit. When I create a shell user, the user can connect to FTP with an FTP client. And when I turn off the jailkit user, he can still connect via FTP! How to prevent the FTP connection for a shell user even when the shell user is disabled? Thx and best regards ^^ PS: sorry for my English
Yes, of course, and that's not a security risk. FTP and shell users are separated. If you want to remove an FTP user, then delete the FTP user and not the shell user.
Thx Till for your answer ^^ Are you sure? For example: I create FTP account "ftp_account1" for site1, and the shell user "ssh_user_1" for the same site1. 1- both accounts are activated: both accounts can connect via FTP, ok. 2- I disabled "ftp_account1": ssh_user_1 can connect via FTP. 3- I delete ftp_account1: ssh_user_1 can connect via FTP. Either I misunderstood or something is wrong... Regards
The account ftp_account1 is a so-called virtual user; it exists only in the ISPConfig database. These virtual users are the normal FTP users in ISPConfig. The shell users (jailkit users) are normal Linux users. Most likely FTP is enabled for shell and system users in the pure-ftpd configuration file; in this case you can use an FTP user to connect with FTP, while shell users are allowed to connect by FTP and SSH. When you delete a shell user, its login details in /etc/passwd and /etc/shadow are deleted and you cannot log in with that user by either FTP or SSH afterwards.
Thank you for these explanations, it's clear for me now. But I have a question: how can I disable FTP login for shell users? For account ssh_user_1, I want only SSH access and not FTP. If I want FTP access, then I create a (virtual) FTP user in ISPC. Regards.
What OS are you using? In my Debian Wheezy VPS, there are options called PAMAuthentication and UnixAuthentication. If you set both of those to no, you should not be able to log in as a shell user.
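Added example, not part of the original posts: a POSIX shell audit of the two options named in the reply above, which also lists the Linux accounts that would be exposed to FTP while either option is on. It assumes the Debian pure-ftpd packaging (one option per file under /etc/pure-ftpd/conf) and that the values yes/1/on mean enabled; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit whether pure-ftpd accepts Linux (shell) accounts.
# Assumption: Debian layout, one option per file under /etc/pure-ftpd/conf,
# and the values yes/1/on (any case) mean "enabled".

# option_enabled CONF_DIR OPTION -> exit 0 if the option file says enabled
option_enabled() {
    file="$1/$2"
    [ -r "$file" ] || return 1          # missing file: option not set
    value=$(head -n 1 "$file" | tr -d ' \t\r' | tr 'A-Z' 'a-z')
    case "$value" in
        yes|1|on) return 0 ;;
        *)        return 1 ;;
    esac
}

# system_auth_backends CONF_DIR -> prints the enabled backends, space separated
system_auth_backends() {
    enabled=""
    for opt in PAMAuthentication UnixAuthentication; do
        if option_enabled "$1" "$opt"; then
            enabled="${enabled:+$enabled }$opt"
        fi
    done
    printf '%s\n' "$enabled"
}

# login_shell_users PASSWD_FILE -> accounts with uid >= 1000 and a usable shell
login_shell_users() {
    awk -F: '$3 >= 1000 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# audit CONF_DIR PASSWD_FILE -> exit 1 if FTP would accept system accounts
audit() {
    backends=$(system_auth_backends "$1")
    if [ -z "$backends" ]; then
        echo "OK: no system-account backend enabled in $1"
        return 0
    fi
    echo "WARNING: enabled in $1: $backends"
    echo "System accounts that may also log in over FTP:"
    login_shell_users "$2" | sed 's/^/  /'
    return 1
}

# Run against the live system only when invoked with "--run".
if [ "${1:-}" = "--run" ]; then
    audit /etc/pure-ftpd/conf /etc/passwd
fi
```

After changing either option file, pure-ftpd has to be restarted before the new value takes effect.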
I'm running Debian Squeeze. I found this: http://www.debianhelp.co.uk/pureftp.htm I will test/search for PAM auth and let you know ^^ Thx dclardy