User-IP patch for SafeTP
========================

About
-----

This patch causes sftpd to match incoming usernames and IP addresses
against a file listing allowed combinations.

It was contributed by < Disastry at iname dot com >.

Changelog
---------

2001-08-14: Some changes applied for sftpd-1.46 by Marcin Sochacki:
  * split README file
  * wrote some documentation with examples
  * removed #include -- never used in code and caused compile errors
    on Linux
  * added break in IsIPAllowed function -- previously `*' character
    disabled other settings in `allow_ip' file

How to compile
--------------

To apply the patch:

$ cd sftpd-...
$ patch < user-ip-patch.txt
$ ./configure
$ make

How to use
----------

In /etc/inetd.conf put something like:

safetp stream tcp nowait safetp /usr/sbin/tcpd /home/safetp/sftpd -f351 -s -y/home/safetp -7/home/safetp/etc/allow_959 -6/home/safetp/etc/allow_ip

The `allow_959' file lists the users allowed to make unencrypted
connections to your server. Other users are forced to use a
SafeTP-aware client. Example:

------- snip -------
$ cat /home/safetp/etc/allow_959
ftp
anonymous
wanted
------- snip -------

The `allow_ip' file lists the allowed user and IP combinations. Even if
your server has a similar feature (e.g. ProFTPD), safetpd makes it
unusable, because all incoming connections appear to come from
localhost. That's why this patch is necessary. Example:

------- snip -------
$ cat /home/safetp/etc/allow_ip
ftp 10.0.0.128/25
anonymous 10.0.0.128/25
* 0.0.0.0/0
------- snip -------

This means: give anonymous access only to my local network; other users
are free to log in from anywhere.
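To check what an `allow_ip' file will permit before deploying it, the
following added example (not part of the patch or of the sftpd source)
evaluates the file with the semantics the example above implies: the
first line whose user field matches, by name or by `*', decides. That
rule, the skipping of blank lines and the function names are
assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the same three entries as the README's allow_ip example.
SAMPLE_ALLOW_IP = """\
ftp        10.0.0.128/25
anonymous  10.0.0.128/25
*          0.0.0.0/0
"""

def parse_allow_ip(text):
    """Parse '<user> <ip>/<bits>' lines into (user, network) rules."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # assumption: blank lines are ignored
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected '<user> <ip>/<bits>'")
        user, cidr = fields
        # strict=True rejects a network with host bits set (10.0.0.130/25).
        rules.append((user, ipaddress.ip_network(cidr, strict=True)))
    return rules

def is_ip_allowed(rules, user, client_ip):
    """Assumed semantics: the first rule for this user (or `*') decides."""
    addr = ipaddress.ip_address(client_ip)
    for rule_user, network in rules:
        if rule_user in (user, "*"):
            return addr in network  # stop: later lines must not override
    return False  # no matching rule: deny

def unreachable_rules(rules):
    """Rules hidden by an earlier line for the same user or by an earlier `*'."""
    seen, dead = set(), []
    for user, network in rules:
        if "*" in seen or user in seen:
            dead.append((user, str(network)))
        seen.add(user)
    return dead

if __name__ == "__main__":
    rules = parse_allow_ip(SAMPLE_ALLOW_IP)
    for user, ip in [("anonymous", "10.0.0.200"), ("anonymous", "192.0.2.10"),
                     ("alice", "192.0.2.10")]:
        print(user, ip, "allow" if is_ip_allowed(rules, user, ip) else "deny")
    print("unreachable:", unreachable_rules(rules))
```

Under this reading a `*' line placed above the per-user lines shadows
them, which unreachable_rules() reports; keep the catch-all last.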