CentOS: Securing FTP (vsftpd) and SSH
Posted: 8 May 2010, 23:13pm - Saturday

SECURING FTP

Use chroot_local_user=YES, then the vsftpd.chroot_list becomes a list of users to NOT chroot. So... you said chroot ALL users but ftpuser. Notice the commented out lines. In /etc/vsftpd/vsftpd.conf:

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Edited /etc/vsftpd.chroot_list: add only the users that DO NOT get chrooted.

Use /sbin/nologin. Edited /etc/passwd entry for ftpuser:
ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/sbin/nologin
------------
chroot_local_user=YES
chroot_list_enable=YES
means that by default ALL users get chrooted except users in the file.

chroot_local_user=NO
chroot_list_enable=YES
means that by default ONLY users in the file get chrooted. See the difference?

Article by: JordanH

Final Configuration:

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

pasv_enable=YES
port_enable=NO
pasv_min_port=60000
pasv_max_port=64000

# ftp settings
connect_from_port_20=YES

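# User Settings
# pasv_promiscuous=YES disables the check that the passive data connection
# comes from the same IP address as the control connection.
pasv_promiscuous=YES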
dirlist_enable=YES
download_enable=YES
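
The two chroot option combinations explained above, as an added example (not part of the original post or of vsftpd itself): this Python script reads the chroot lines of the final configuration plus a constructed chroot list, and reports which accounts end up chrooted and which list file the configuration names. The user names alice and bob and the list contents are assumptions.

```python
# Added example: resolve which local users vsftpd will chroot.
CONF = """\
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
"""  # the three chroot lines from the final configuration
CHROOT_LIST = "ftpuser\n"  # constructed contents of the list file


def parse_conf(text):
    """Parse vsftpd.conf 'key=value' lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts


def is_yes(opts, key):
    # Both chroot options default to NO when absent from the file.
    return opts.get(key, "NO").upper() == "YES"


def chroot_plan(conf_text, list_text, users):
    """Return (list_file, {user: True if that user is chrooted})."""
    opts = parse_conf(conf_text)
    everyone = is_yes(opts, "chroot_local_user")
    use_list = is_yes(opts, "chroot_list_enable")
    # Upstream default path; distribution builds may use a different one.
    list_file = opts.get("chroot_list_file", "/etc/vsftpd.chroot_list")
    listed = set()
    if use_list:  # the list file is ignored unless chroot_list_enable=YES
        listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    # The list inverts the default: with chroot_local_user=YES it names the
    # exceptions that are NOT chrooted; with NO it names the only users who are.
    plan = {u: (u not in listed) if everyone else (u in listed) for u in users}
    return list_file, plan


if __name__ == "__main__":
    path, plan = chroot_plan(CONF, CHROOT_LIST, ["ftpuser", "alice", "bob"])
    print("list file named in config:", path)
    for user, jailed in plan.items():
        print(f"{user}: {'chrooted' if jailed else 'NOT chrooted'}")
```

Feeding it the real vsftpd.conf and list file confirms that the file you edited is the one chroot_list_file points to, and that no account is left unchrooted by accident.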

SECURING SSH

Edit /etc/ssh/sshd_config and, at the bottom of the file, add these lines:

# Users allowed to log in via SSH
#AllowUsers root user002
# Users not allowed to log in via SSH
#DenyUsers user001