SFTP without valid login shell

[Jonathan Hutchins]

> -----Original Message-----
> From: Cockerham, Bill [mailto:bill.cockerham at aquila.com]

> Another method would be to give them all the same shell IE 
> /bin/bash.  Then,
> the first line of their .bashrc would be "exit".  It's a 
> bandaid approach I
> know, but it should work.  We have to use it for some 
> applications under
> Exceed.  This should allow FTP, but will automatically exit 
> them if they try
> to login with telnet.  It will only log them out on a log-in 
> of ssh if you
> have the sshd set to run login scripts.

Better yet, log the user ID to a security log, tell them they've been
naughty and know better, and report them to their supervisor for
unauthorized use of company resources.

Way too many admits are unwilling to inspire the proper level of FEAR in
their users.  It isn't good for the users, and it just makes more use for
the rest of us.

Jonathan, BOTH.