SFTP without valid login shell
Bob Stocker
bstocker at bloodtip.org
Tue May 21 17:51:07 CDT 2002
On Tue, 2002-05-21 at 10:54, Shannon Merritt wrote:
> On RedHat 7.2 (also on our Solaris servers), we allow our web site
> design team to upload content via SFTP on port 22. Previously we used
> the standard FTP protocol (port 21). With regular FTP uploads, the
> user's entry in the /etc/passwd file could contain a shell reference
> like "/bin/false" as long as that shell was defined in /etc/shells. Now
> that we are using a secure protocol (SFTP), it seems to require that the
> user have a legitimate shell in the /etc/passwd file. The problem this
> presents is that they can now log in using a standard SSH client. I
> want to restrict their access so that they only have SFTP access, not
> shell access.
>
> Any ideas on how I can use a non-legitimate shell in the /etc/passwd
> file but still allow SFTP sessions?
>
> Shannon Merritt
>
The commercial implementation of SSH2 (from SSH Communications -
http://www.ssh.com) comes with ssh-dummy-shell, which is just what
you're looking for. Unfortunately, OpenSSH seems to have no analog.
Good luck,
Bob
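
A minimal stand-in for the dummy-shell approach discussed in this thread, as an added example that is not part of the original messages and is not code from OpenSSH or SSH Communications. It assumes sshd starts the sftp subsystem as `<login shell> -c <command>`, and both the install name `sftp-only-shell` and the sftp-server path are assumptions that must match the local `Subsystem sftp` line in sshd_config.

```shell
#!/bin/sh
# Added example: SFTP-only login shell (hypothetical name: sftp-only-shell).
# Assumption: sshd invokes the user's login shell as
#   <shell> -c <Subsystem command>
# for an SFTP session, and with no arguments for an interactive login.

# Assumed path (Red Hat layout); must equal the Subsystem line exactly.
# Hard-coded on purpose so the environment cannot redirect it.
SFTP_SERVER=/usr/libexec/openssh/sftp-server

# Return 0 only for the exact invocation "-c $SFTP_SERVER".
# Interactive logins (no arguments), remote commands, extra words and
# strings carrying shell metacharacters all return 1.
sftp_only_allowed() {
    [ "$#" -eq 2 ] || return 1
    [ "$1" = "-c" ] || return 1
    [ "$2" = "$SFTP_SERVER" ] || return 1
    return 0
}

sftp_only_main() {
    if sftp_only_allowed "$@"; then
        # exec the fixed path directly; the client-supplied string is
        # compared, never evaluated by a shell.
        exec "$SFTP_SERVER"
    fi
    # Record the refusal without echoing the requested command into the log.
    logger -p auth.notice -t sftp-only-shell \
        "denied non-SFTP request for ${USER:-unknown}" 2>/dev/null || true
    echo "This account is restricted to SFTP." >&2
    return 1
}

# Run only when installed under the assumed name, so the functions can be
# sourced or tested without triggering a refusal.
case "$0" in
    */sftp-only-shell|sftp-only-shell)
        sftp_only_main "$@"
        exit $?
        ;;
esac
```

A restricted login shell does not by itself stop port forwarding requested without a command; `AllowTcpForwarding no` in sshd_config covers that.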