Re: sftp virtual users question

From: Jeff Rosowski (rosowskij_at_ie.ymp.gov)
Date: 02/02/05

  • Next message: Tay, Gary: "RE: AllowGroups and ldap"
    Date: Wed, 2 Feb 2005 09:58:18 -0800 (PST)
    To: Bob Rasmussen <ras@anzio.com>
    
    

    check out scponly. that lets you chroot a user, and only allow scp/sftp.

    On Tue, 1 Feb 2005, Bob Rasmussen wrote:

    > On Tue, 1 Feb 2005, Lukasz Chruszczyk wrote:
    >
    >> Helo
    >> 1.Is it possible to prevent a user to get access to shell (by means of
    >> ssh),
    >> but give him/her access to sftp (or scp)
    >> 2.Is it possible to manage users independently for ssh and sftp(scp)
    >> subsystems?
    >> 3.Documentation about sftp-server subsystem is very poor? Where can I get
    >> more info?
    >
    > First, I assume you're talking about OpenSSH's implementation; is that
    > right?
    >
    > You are right that there is very little configurability. You might want to
    > force a particular directory as the user's home directory for SFTP
    > (different from their login directory). You might also want to restrict
    > their navigation.
    >
    > As far as I can tell there is no way to do this with OpenSSH's
    > implementation. This would be a good area for someone to expand upon.
    >
    > Regards,
    > ....Bob Rasmussen, President, Rasmussen Software, Inc.
    >
    > personal e-mail: ras@anzio.com
    > company e-mail: rsi@anzio.com
    > voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
    > fax: (US) 503-624-0760
    > web: http://www.anzio.com
    >


  • Next message: Tay, Gary: "RE: AllowGroups and ldap"