Re: Allow SFTP sessions and refuse interactive SSH access for some users.
From: Mikhail Teterin (usenet_at_aldan.algebra.com)
Date: 05/12/04
- Previous message: Jack Moe: "Re: Installing RSA ACE/Agent for SCO 3.2v5.0.5"
- In reply to: Darren Tucker: "Re: Allow SFTP sessions and refuse interactive SSH access for some users."
Date: Wed, 12 May 2004 17:20:16 -0400
Darren Tucker wrote in <c7p8q4$60j$1@gate.dodgy.net.au>:
> In article <1114404.vpb6o1qevP@Misha>,
> Mikhail Teterin <usenet@aldan.algebra.com> wrote:
>>Ed wrote in <95383172.0402180439.4e0dcb7c@posting.google.com>:
>>
>>> Somebody knows if it is possible to allow some users to be able to
>>> connect on an SSH server in SFTP mode and denying access to these same
>>> users when they use SSH interactive mode (i.e. allowing only SFTP
>>> session for some particular user) ?
>>
>>How about changing that user's login shell to /sbin/nologin
>>or /usr/bin/false or /nonexistant?
> No, that won't work (with OpenSSH, anyway). sshd checks that the user's
> shell is valid (i.e. listed in /etc/shells) before a login is permitted
> and the shell is used to exec sftp-server.
Yes, I found that out now. But setting the user's shell
to /usr/libexec/sftp-server seems to work (may need to list it
in /etc/shells too). Note that scp will not work this way -- sftp only...
-mi
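
An audit of the setup discussed in this message, as an added example that is not part of the original post: it lists the accounts whose login shell is the sftp-server binary and reports whether that shell appears in the shells file, which the thread says may be required. The function names `audit_sftp_only` and `write_sample` are hypothetical, the sample accounts are constructed, and the sftp-server path is the one named in the post and differs between systems.

```shell
#!/bin/sh
# Added example: audit sftp-only accounts as described in the thread.
# Assumption: inputs are passwd(5)- and shells(5)-format files.
# The default path below is the one named in the post; override per system.
SFTP_SHELL="${SFTP_SHELL:-/usr/libexec/sftp-server}"

# audit_sftp_only PASSWD_FILE SHELLS_FILE
# Prints one line per account whose login shell is $SFTP_SHELL:
#   <user> sftp-only listed       shell is present in SHELLS_FILE
#   <user> sftp-only NOT-listed   shell is missing from SHELLS_FILE
# Returns 1 if any such account has an unlisted shell, otherwise 0.
audit_sftp_only() {
    awk -F: -v want="$SFTP_SHELL" '
        # First argument: shells file. Skip comments and blank lines.
        FILENAME == ARGV[1] {
            if ($0 ~ /^[ \t]*#/ || $0 ~ /^[ \t]*$/) next
            sub(/[ \t]+$/, "")          # tolerate trailing whitespace
            listed[$0] = 1
            next
        }
        # Second argument: passwd file. Field 7 is the login shell.
        $7 == want {
            state = (want in listed) ? "listed" : "NOT-listed"
            if (state == "NOT-listed") bad = 1
            print $1, "sftp-only", state
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# write_sample DIR: writes constructed passwd and shells files into DIR
# (sample data only, not taken from any real host).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:*:0:0:root:/root:/bin/sh
alice:*:1001:1001:Alice:/home/alice:/usr/libexec/sftp-server
bob:*:1002:1002:Bob:/home/bob:/bin/sh
EOF
    printf '%s\n' '# constructed shells file' '/bin/sh' > "$1/shells"
}
```

On a live host the call would be `audit_sftp_only /etc/passwd /etc/shells`; accounts reported as NOT-listed are the ones the thread suggests may be refused at login.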