Re: openssh: Enabling sftp, but disabling ssh?
- From: Darren Tucker <dtucker@xxxxxxxxxx>
- Date: Thu, 07 Sep 2006 11:00:51 +1000
Benjamin Donnachie wrote:
Mark Holden wrote:Does anybody know if it's possible, using openssh, to allow file
transfer to/from a machine, using sftp, for a specific userid, and
disallow ssh login/remote command execution for that same userid? Other
userids on the machine should be unaffected.
I do exactly that on my system; you can't achieve it with OpenSSH alone
and need to use a helper allocation such as either scponly or rssh.
In the next release of OpenSSH (4.4, ETA "soon") you can by combining the new "Match" and "ForceCommand" directives:
Match User sftponly
ForceCommand /usr/libexec/sftp-server -l INFO
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.