Re: Disable SFTP/SCP but not SSH?
From: Darren Tucker (dtucker_at_zip.com.au)
Date: Thu, 08 Jul 2004 20:06:06 +1000 To: Real Cucumber <firstname.lastname@example.org>
Real Cucumber wrote:
> Using Fedora Core 2 and OpenSSH 3.6.1p2, I'm wondering
> if it is possible to allow users to connect via SSH,
> but prevent them from connecting through SFTP and/or
Kind of (make a "scp" group, chgrp "scp" and "sftp-server" and chmod
them 0550) but at best this a mild inconvenience and will do *zero* to
actually stop people from transferring files.
They can use shell redirection (some variant of "ssh yourhost 'cat
>destfile' <sourcefile"), creative uses of tar/uuencode, or any number
of other things. They can also install their own copies of scp and/or
sftp-server if they have write access to some filesystem that's not
You might be able to do it if your users have a restricted shell too
(but those can be tricky to get right).
-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.