⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.50
Server IP:
41.128.143.86
Server:
Linux host.raqmix.cloud 6.8.0-1025-azure #30~22.04.1-Ubuntu SMP Wed Mar 12 15:28:20 UTC 2025 x86_64
Server Software:
Apache
PHP Version:
8.3.23
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
doc
/
psa-proftpd
/
contrib
/
View File Name :
mod_sftp_pam.html
<!DOCTYPE html> <html> <head> <title>ProFTPD module mod_sftp_pam</title> </head> <body bgcolor=white> <hr> <center> <h2><b>ProFTPD module <code>mod_sftp_pam</code></b></h2> </center> <hr><br> <p> The <code>mod_sftp_pam</code> module provides support for the "SSH Keyboard-Interactive Authentication" RFC (<a href="http://www.faqs.org/rfcs/rfc4256.html">RFC4256</a>). How is <code>mod_sftp_pam</code> different from ProFTPD's existing PAM support, in the form of <code>mod_auth_pam</code>? The difference is that the <code>mod_auth_pam</code> module does <b>not</b> echo the prompt, provided by the underlying PAM library/modules, back to the FTP client; this <code>mod_sftp_pam</code> module will echo any prompt back to the connecting SSH2 client. This makes using onetime-password PAM modules, for example, work very easily for authenticating SSH2 logins. <p> This module is contained in the <code>mod_sftp_pam.c</code> file for ProFTPD 1.3.<i>x</i>, and is not compiled by default. Installation instructions are discussed <a href="#Installation">here</a>; a discussion on <a href="#Usage">usage</a> is also available. <p> The most current version of <code>mod_sftp_pam</code> is distributed with the ProFTPD source code. <h2>Author</h2> <p> Please contact TJ Saunders <tj <i>at</i> castaglia.org> with any questions, concerns, or suggestions regarding this module. <h2>Directives</h2> <ul> <li><a href="#SFTPPAMEngine">SFTPPAMEngine</a> <li><a href="#SFTPPAMOptions">SFTPPAMOptions</a> <li><a href="#SFTPPAMServiceName">SFTPPAMServiceName</a> </ul> <hr> <h3><a name="SFTPPAMEngine">SFTPPAMEngine</a></h3> <strong>Syntax:</strong> SFTPPAMEngine <em>on|off</em><br> <strong>Default:</strong> On<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_sftp_pam<br> <strong>Compatibility:</strong> 1.3.2rc2 and later <p> The <code>SFTPPAMEngine</code> directive toggles the use of the PAM library for supporting a keyboard-interactive authentication mechanism for SSH2 logins. By default <code>mod_sftp_pam</code> is enabled. <p> <hr> <h3><a name="SFTPPAMOptions">SFTPPAMOptions</a></h3> <strong>Syntax:</strong> SFTPPAMOptions <em>opt1 opt2 ... optN</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_sftp_pam<br> <strong>Compatibility:</strong> 1.3.2rc2 and later <p> The <code>SFTPPAMOptions</code> directive is used to configure various optional behaviors of <code>mod_sftp_pam</code>; it is directly analogous to <code>mod_auth_pam</code>'s <code>AuthPAMOptions</code> directive. <p> The currently supported options are: <ul> <li><code>NoTTY</code> </li> <p> <li><code>NoInfoMsgs</code> <p> Disables the sending of information messages from PAM to the connecting SSH client. This option is usually used for compatibility with OpenSSH's behavior. </li> <p> <li><code>NoRadioMsgs</code> <p> Disables the sending of Linux-specific information messages from PAM (usually from the <code>pam_winbind</code> PAM module) to the connecting SSH client. This option is usually used for compatibility with OpenSSH's behavior. </li> </ul> <p> <hr> <h3><a name="SFTPPAMServiceName">SFTPPAMServiceName</a></h3> <strong>Syntax:</strong> SFTPPAMServiceName <em>service</em><br> <strong>Default:</strong> SFTPPAMServiceName sshd<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_sftp_pam<br> <strong>Compatibility:</strong> 1.3.2rc2 and later <p> The <code>SFTPPAMConfig</code> directive is used to specify the name of the service used when performing the PAM check; PAM configurations can vary depending on the service. By default, the "sshd" service is used. <p> Here's an example of changing the <em>service</em> used: <pre> <IfModule mod_sftp_pam.c> SFTPPAMEngine on SFTPPAMServiceName ftpd </IfModule> </pre> <p> The <code>SFTPPAMServiceName</code> directive is directly analogous to <code>mod_auth_pam</code>'s <code>AuthPAMConfig</code> directive. <p> <hr> <h2><a name="Installation">Installation</a></h2> The <code>mod_sftp_pam</code> module is distributed with ProFTPD. Simply follow the normal steps for using third-party modules in ProFTPD: <pre> $ ./configure --with-modules=mod_sftp:mod_sftp_pam ... $ make $ make install </pre> Alternatively, <code>mod_sftp_pam</code> can be built as a DSO module: <pre> $ ./configure --enable-dso --with-shared=mod_sftp_pam ... </pre> Then follow the usual steps: <pre> $ make $ make install </pre> <p> For those with an existing ProFTPD installation, you can use the <code>prxs</code> tool to add <code>mod_sftp_pam</code>, as a DSO module, to your existing server: <pre> $ prxs -c -i -d mod_sftp_pam.c </pre> <p> <hr><br> <h2><a name="Usage">Usage</a></h2> To use <code>mod_sftp_pam</code>, simply configure it to use the correct PAM service name, <i>e.g.</i>: <pre> <IfModule mod_sftp_pam.c> SFTPPAMEngine on SFTPPAMServiceName sftp </IfModule> </pre> There is no requirement that <code>mod_sftp_pam</code> use the same PAM service name as the <code>mod_auth_pam</code> module; this allows you to have different PAM configurations for FTP versus SSH2 logins. <p> <hr> <font size=2><b><i> © Copyright 2008-2013 TJ Saunders<br> All Rights Reserved<br> </i></b></font> <hr> </body> </html>