Re: Solaris 9 sftp-server
From: R.A.Owen (firstname.lastname@example.org)
Date: Wed, 9 Apr 2003 09:23:10 +0100 (BST) From: "R.A.Owen" <email@example.com>
> BAUMLER Julie L wrote:
> > We're using Sun's ssh sftp server on Solaris 9 for some (internal) customer
> > file tranfers. But, we don't want to allow these people to login or run
> > commands with ssh. The usual methods to restrict login (/bin/false, "exit"
> > in shell profile files, ...) block both or don't work. We need to be able
> > to track file reads and writes, so we need the BSM support of the Solaris
> > version of ssh. Has anyone else run across this?
Dose making /usr/lib/ssh/sftp-server the login shell work?
With openssh and rsa or dsa private key login I bound the private key to
only run /usr/lib/ssh/sftp-server (or openssh equiv). That seemed to
work. Dont give your "customer" the password to the account and then all
they can run is sftp! - maybe some variation of this may help.