I’ve been required to configure a Linux server running Proftpd server in a way that (bash) shell access is disabled for security reasons.
This could possibly prevent listing of file content on the server if the ftp user account logs in the server through the SSH protocol
Since I haven’t set such a restriction on a server using Proftpd server managing the FTP accounts I had to consult with Proftpd authentication documentation
Therein it was explained that there is a sysadmin trick to use to achieve the prohibition of ssh access for the FTP users.
Here is a quick few steps walk through on how this is achieved in Debian Linux:
debian-server:~# vim /etc/proftpd/proftpd.conf
In the conf file uncomment:
#RequireValidShell off
to
RequireValidShell off
Then you will have to edit your /etc/passwd file:
In /etc/passwd find the FTP user for which you’d like to disable the SSH access and make sure it’s shell is set to /bin/false
Now let’s say you’d like to disable SSH logins for FTP user testftpuser, while editing /etc/passwd you will notice a line:
testftpuser:x:1001:1001:SoccerFame,,,:/home/testftpuser:/bin/bash
The line should be changed to look like:
testftpuser:x:1001:1001:SoccerFame,,,:/home/testftpuser:/bin/false
In case if you’d like to change all system users who have access to the ProftFTP server as well, you can easily do that with a tiny shell script for the purpose.