Monday, November 22, 2010

vsftpd check_shell

So, I wanted to give a restricted SSH access to www-data to be able to write in /var/www. So I did. Unfortunately, the ones who were supposed to use that account, they use WinSCP, and rssh is not that compatible. rssh works well with scp command line utility from Linux, but they're Windows lovers. So I had to give them a ftp account to that same folder, and with the same account - www-data. So I installed vsftpd, with apt-get install vsftpd. I enabled local users, write permission and all that. And then tried to login using www-data and the password I've set up. Nothing. Login incorrect. I retype password, reset the password. Nothing! After googling around, I found out that it needs a valid shell, and you can disable it by entering check_shell=NO. But "Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, vsftpd will not check /etc/shells for a valid user shell for local logins."

So, considering most of installation are PAM based, this option is useless. So, in my case, I had to add rssh shell to /etc/shells. Reboot the server (source might work, too) and now I can login through ftp using www-data account, and I can also use rssh with the same account.

Tuesday, November 16, 2010

Installing Hydra 5.8 on Ubuntu 10.10

First of all, you should get the source from here.

After this, you unzip it, and run configure. Whatever library you don't have, you can install using apt. Unfortunately, I had a problem with Firebird libraries. Looks like, although I installed them, hydra couldn't find them. I tried a symlink to it, but in vain. Other packages you can install are:


For the compilation to work smoothly, you'll have to manually edit the generated Makefile:

- edit the first like to look like this:
CC=gcc `/usr/bin/apr-1-config --cppflags --cflags`

- edit the 4th like to look like this:
XLIBS= -lssl -lncp -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_client-1 -lapr-1 -laprutil-1 -lssh -lcrypto

- edit the 6th like to look like this:
XIPATHS= -I/usr/include/subversion-1 -I/usr/include/apr-1.0

If you don't do this, you'll probably get some errors like:

/usr/include/subversion-1/svn_client.h:878: error: expected specifier-qualifier-list before ‘svn_ra_progress_notify_func_t’
hydra-svn.c: In function ‘start_svn’:
hydra-svn.c:106: warning: ‘svn_client_get_simple_prompt_provider’ is deprecated (declared at /usr/include/subversion-1/svn_client.h:111)
hydra-svn.c:120: warning: ‘svn_client_ls’ is deprecated (declared at /usr/include/subversion-1/svn_client.h:4077)
make: *** [hydra-svn.o] Error 1