Re: Solaris 9 sftp-server

From: R.A.Owen (
Date: 04/09/03

    Date: Wed, 9 Apr 2003 09:23:10 +0100 (BST)
    From: "R.A.Owen" <>

    > BAUMLER Julie L wrote:
    > > We're using Sun's ssh sftp server on Solaris 9 for some (internal) customer
    > > file transfers. But, we don't want to allow these people to login or run
    > > commands with ssh. The usual methods to restrict login (/bin/false, "exit"
    > > in shell profile files, ...) block both or don't work. We need to be able
    > > to track file reads and writes, so we need the BSM support of the Solaris
    > > version of ssh. Has anyone else run across this?

    Does making /usr/lib/ssh/sftp-server the login shell work?

    With OpenSSH and rsa or dsa private key login I bound the private key to
    only run /usr/lib/ssh/sftp-server (or OpenSSH equiv). That seemed to
    work. Don't give your "customer" the password to the account and then all
    they can run is sftp! - maybe some variation of this may help.

    Good luck
    Alex Owen
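
Added example, not part of the original message: a small audit of an authorized_keys file for the key binding described above, flagging protocol 2 keys that are not forced to /usr/lib/ssh/sftp-server or that still allow a pty or forwarding. The function names and the sample entries are constructed for illustration; the option names are standard OpenSSH authorized_keys options.

```python
import re

SFTP_SERVER = "/usr/lib/ssh/sftp-server"  # path named in the post
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")  # common prefixes
# Options that close what a forced command alone leaves open.
LOCKDOWN = ("no-pty", "no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding")

# Options field: a run of non-space characters and double-quoted strings.
OPTS_FIELD = re.compile(r'((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+(\S+)')
ONE_OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?')

def parse_entry(line):
    """Return (options, key_type) for one authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPES):          # key with no options field
        return {}, line.split()[0]
    m = OPTS_FIELD.match(line)
    if not m or not m.group(2).startswith(KEY_TYPES):
        return None                          # not a protocol 2 key line
    opts = {k.lower(): v for k, v in ONE_OPTION.findall(m.group(1))}
    return opts, m.group(2)

def audit(text):
    """List (line number, problem) for keys not confined to sftp-server."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        opts = entry[0]
        if opts.get("command") != SFTP_SERVER:
            findings.append((n, "no forced sftp-server command"))
        if "restrict" not in opts:           # 'restrict' implies all of LOCKDOWN
            findings += [(n, "missing " + o) for o in LOCKDOWN if o.lower() not in opts]
    return findings

# Constructed sample; key material is a placeholder, not real keys.
SAMPLE = """\
# customer accounts
command="/usr/lib/ssh/sftp-server",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER1 customer-a
command="/usr/lib/ssh/sftp-server" ssh-dss AAAAPLACEHOLDER2 customer-b
ssh-rsa AAAAPLACEHOLDER3 customer-c
from="10.0.0.0/8,192.168.1.5",command="/bin/sh" ssh-rsa AAAAPLACEHOLDER4 customer-d
"""

if __name__ == "__main__":
    for n, problem in audit(SAMPLE):
        print("line %d: %s" % (n, problem))
```

The forced command only holds while the account cannot replace its own ~/.ssh/authorized_keys over sftp, so that file should not be writable by the account.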
