SFTP without valid login shell
Shannon Merritt
smerritt at home.aafp.org
Tue May 21 15:45:08 CDT 2002

On RedHat 7.2 (also on our Solaris servers), we allow our web site
design team to upload content via SFTP on port 22. Previously we used
the standard FTP protocol (port 21). With regular FTP uploads, the
user's entry in the /etc/passwd file could contain a shell reference
like "/bin/false" as long as that shell was defined in /etc/shells. Now
that we are using a secure protocol (SFTP), it seems to require that the
user have a legitimate shell in the /etc/passwd file. The problem this
presents is that they can now log in using a standard SSH client. I
want to restrict their access so that they only have SFTP access, not
shell access.

Any ideas on how I can use a non-legitimate shell in the /etc/passwd
file but still allow SFTP sessions?
Shannon Merritt