Re: allow only sftp?

From: olaf weiser (olaf.weiser@t-systems.com)
Date: 04/14/03

  • Next message: sparhawk@beyond.nu: "OpenSSH for ufsdump on Solaris"
    Date: Mon, 14 Apr 2003 08:51:00 +0200
    From: olaf weiser <olaf.weiser@t-systems.com>
    To: secureshell@securityfocus.com
    
    

    HI., to all,

    another idea: implement an "exit" on the first line in the .profile of
    the user, so this user only can login via ftp and not via a shell...

    cheers...
    laff

    Jean-Jacques DOTI wrote:

    > Hi,
    >
    > The best way I've found to do this (with openssh) is to use rssh
    > (http://www.pizzashack.org/rssh/index.shtml) as login shell. It's
    > possible to restrict ssh to scp or/and sftp.
    > rssh also makes easy to have a chroot jail for scp/sftp users (common
    > jail for all users).
    > If you want to have per user chroot jail, you can use patched openssh
    > (http://chrootssh.sourceforge.net/) or wait for the next rssh version ...
    >
    >
    > Rex Binns wrote:
    >
    >> I need to allow a user only sftp access, but deny them ssh access?
    >>
    >> Is this possible, and if so, how do I do it?
    >>
    >> thanks
    >>
    >>
    >>


  • Next message: sparhawk@beyond.nu: "OpenSSH for ufsdump on Solaris"

    Relevant Pages

    • Security flaw in rssh
      ... rssh is a small shell whose purpose is to restrict users to using scp ... William F. McCaw identified a minor security flaw in rssh when used ... some non-openssh sftp clients. ... command-line arguments prior to entering the chroot jail. ...
      (SSH)
    • Re: allow only sftp?
      ... The best way I've found to do this is to use rssh ... possible to restrict ssh to scp or/and sftp. ... If you want to have per user chroot jail, you can use patched openssh ...
      (SSH)