SFTP without valid login shell
I am Spartacus
spartacus at home.aafp.org
Wed May 22 16:26:26 CDT 2002
Thanks, Bob. That was exactly what I needed. Those pesky users are now
locked out of shell access.
Bob Stocker wrote:
>On Tue, 2002-05-21 at 10:54, Shannon Merritt wrote:
>
>>On RedHat 7.2 (also on our Solaris servers), we allow our web site
>>design team to upload content via SFTP on port 22. Previously we used
>>the standard FTP protocol (port 21). With regular FTP uploads, the
>>user's entry in the /etc/passwd file could contain a shell reference
>>like "/bin/false" as long as that shell was defined in /etc/shells. Now
>>that we are using a secure protocol (SFTP), it seems to require that the
>>user have a legitimate shell in the /etc/passwd file. The problem this
>>presents is that they can now log in using a standard SSH client. I
>>want to restrict their access so that they only have SFTP access, not
>>shell access.
>>
>>Any ideas on how I can use a non-legitimate shell in the /etc/passwd
>>file but still allow SFTP sessions?
>>
>>Shannon Merritt
>>
>The commercial implementation of SSH2 (from SSH Communications -
>http://www.ssh.com) comes with ssh-dummy-shell, which is just what
>you're looking for. Unfortunately, OpenSSH seems to have no analog.
>
>Good luck,
>Bob
>
>
>
>
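
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it reads passwd- and shells-format files and reports, per account, whether the shell is listed in /etc/shells (the FTP condition described above) and whether the account still gets an interactive prompt. The function names, the no-login shell list, the UID cutoff of 500 and the sample accounts are assumptions made for the example.

```shell
#!/bin/sh
# Shells that give no interactive session (assumption; adjust per site).
NOLOGIN_SHELLS="/bin/false /sbin/nologin /usr/sbin/nologin"

# audit_shells PASSWD SHELLS [MIN_UID]
# One line per account with uid >= MIN_UID: "user shell ftp=yes|no shell=yes|no"
#   ftp=yes   : shell is listed in SHELLS (what classic FTP daemons check)
#   shell=yes : shell is not a known no-login shell, so SSH gives a prompt
audit_shells() {
    awk -F: -v shells="$2" -v min="${3:-500}" -v nologin="$NOLOGIN_SHELLS" '
        BEGIN {
            n = split(nologin, a, " ")
            for (i = 1; i <= n; i++) deny[a[i]] = 1
            # /etc/shells format: one path per line, "#" starts a comment
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") listed[line] = 1
            }
        }
        /^#/ || NF < 7 || $3 + 0 < min { next }
        {
            sh = ($7 == "") ? "/bin/sh" : $7   # empty field defaults to /bin/sh
            printf "%s %s ftp=%s shell=%s\n", $1, sh,
                   (sh in listed) ? "yes" : "no", (sh in deny) ? "no" : "yes"
        }
    ' "$1"
}

# interactive_users PASSWD SHELLS [MIN_UID]: names that still get a prompt
interactive_users() {
    audit_shells "$@" | awk '$4 == "shell=yes" { print $1 }'
}

# Constructed sample data (not from the thread)
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# valid shells' /bin/sh /bin/bash /bin/false > "$d/shells"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'webdev1:x:501:501::/home/webdev1:/bin/bash' \
        'webdev2:x:502:502::/home/webdev2:/bin/false' \
        'webdev3:x:503:503::/home/webdev3:' > "$d/passwd"
    audit_shells "$d/passwd" "$d/shells"
    rm -rf "$d"
}
demo
```

On a live host the call would be `interactive_users /etc/passwd /etc/shells`; any upload-only account that appears in its output can still open a shell over SSH.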