Re: Solaris 9 sftp-server

From: R.A.Owen (rao3@leicester.ac.uk)
Date: 04/09/03

  • Next message: Hal Flynn: "SecurityFocus Article Announcement"
    Date: Wed, 9 Apr 2003 09:23:10 +0100 (BST)
    From: "R.A.Owen" <rao3@leicester.ac.uk>
    
    

    > BAUMLER Julie L wrote:
    > > We're using Sun's ssh sftp server on Solaris 9 for some (internal) customer
    > > file tranfers. But, we don't want to allow these people to login or run
    > > commands with ssh. The usual methods to restrict login (/bin/false, "exit"
    > > in shell profile files, ...) block both or don't work. We need to be able
    > > to track file reads and writes, so we need the BSM support of the Solaris
    > > version of ssh. Has anyone else run across this?

    Dose making /usr/lib/ssh/sftp-server the login shell work?

    With openssh and rsa or dsa private key login I bound the private key to
    only run /usr/lib/ssh/sftp-server (or openssh equiv). That seemed to
    work. Dont give your "customer" the password to the account and then all
    they can run is sftp! - maybe some variation of this may help.

    Good luck
    Alex Owen


  • Next message: Hal Flynn: "SecurityFocus Article Announcement"