Thanks, Bob.  That was exactly what I needed.  Those pesky users are now
locked out of shell access.

Bob Stocker wrote:

>On Tue, 2002-05-21 at 10:54, Shannon Merritt wrote:
>
>
>>On RedHat 7.2 (also on our Solaris servers), we allow our web site
>>design team to upload content via SFTP on port 22.  Previously we used
>>the standard FTP protocol (port 21).  With regular FTP uploads, the
>>user's entry in the /etc/passwd file could contain a shell reference
>>like "/bin/false" as long as that shell was defined in /etc/shells.  Now
>>that we are using a secure protocol (SFTP), it seems to require that the
>>user have a legitimate shell in the /etc/passwd file.  The problem this
>>presents is that they can now log in using a standard SSH client.  I
>>want to restrict their access so that they only have SFTP access, not
>>shell access.
>>
>>Any ideas on how I can use a non-legitimate shell in the /etc/passwd
>>file but still allow SFTP sessions?
>>
>>Shannon Merritt
>>
>>
>>
>The commercial implementation of SSH2 (from SSH Communications -
>http://www.ssh.com) comes with ssh-dummy-shell, which is just what
>you're looking for.  Unfortunately, OpenSSH seems to have no analog.
>
>Good luck,
>Bob
>
>
>
>