how to restrict to SFTP ? rssh doesn't match here

From: Pierre-Philipp Braun (ppwb@club-internet.fr)
Date: 11/18/02


Date: Mon, 18 Nov 2002 03:19:31 +0100
From: Pierre-Philipp Braun <ppwb@club-internet.fr>

Hi all,

i was trying to figure out how to limit some users to SFTP access only when
i found rssh, a shell that allows only SFTP and/or SCP use.

But even if the autor says that it should compile cleanly and work on any
POSIX-compliant system, it doesn't compile on NetBSD:

        rssh.c:47: wordexp.h: No such file or directory
        *** Error code 1

It needs glibc2, and there is only a glibc1 port avaible for NetBSD, so i
won't be able to compile rssh for now (i could try some linux emulation
though).

Is there another shell that would have the same aim?

Any advice would be appreciated.
Thanks in advance.

-- 
Pierre-Philipp Braun <ppwb@club-internet.fr>
http://elge9.free.fr


Relevant Pages

  • rssh and scponly arbitrary command execution
    ... rssh and scponly are restricted shells that are designed to allow execution ... arbitrary command execution on the remote host is ... These options allow the user to specify the location of the shell to use ...
    (Bugtraq)
  • Sftp only with LDAP
    ... to allow sftp access only via ldap? ... shell variable to noshell but since we are using our ldap/kerberos ... Eventually we are going to tie more boxes into the ldap structure ...
    (comp.security.ssh)
  • Re: setting shell to sftp-server?
    ... Nick Nelson wrote: ... > I like to provide many of my users with only SFTP access, ... there's also restriced secure shell, ... Using rssh myself, I know of no better way:) ...
    (SSH)
  • Re: Allow SFTP sessions and refuse interactive SSH access for some users.
    ... sshd checks that the user's ... > and the shell is used to exec sftp-server. ... 'rssh' won't address your problem, but it does prevent interactive SSH ...
    (comp.security.ssh)
  • Re: SFTP
    ... > user ids that I dont want to log in but which I setup for sFTP? ... For sftp/scp to work, the user's shell MUST ... allow the execution of commands, and MUST accept the -c option to ... you'll want to use something like rssh: ...
    (SSH)