Iâ€™ve been required to configure a Linux server running Proftpd server in a way that (bash) shell access is disabled for security reasons.
This could possibly prevent listing of file content on the server if the ftp user account logs in the server through the SSH protocol
Since I havenâ€™t set such a restriction on a server using Proftpd server managing the FTP accounts I had to consult with Proftpd authentication documentation
Therein it was explained that there is a sysadmin trick to use to achieve the prohibition of ssh access for the FTP users.
Here is a quick few steps walk through on how this is achieved in Debian Linux:
debian-server:~# vim /etc/proftpd/proftpd.conf
In the conf file uncomment:
Then you will have to edit your /etc/passwd file:
In /etc/passwd find the FTP user for which youâ€™d like to disable the SSH access and make sure itâ€™s shell is set to /bin/false
Now letâ€™s say youâ€™d like to disable SSH logins for FTP user testftpuser, while editing /etc/passwd you will notice a line:
The line should be changed to look like:
In case if youâ€™d like to change all system users who have access to the ProftFTP server as well, you can easily do that with a tiny shell script for the purpose.