OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Shawn (shawnblack9.net)
Date: Wed Apr 04 2001 - 12:13:43 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Wow, thank you. That's exactly what I was looking for. I looked in the
    archives for sftp and came up with zero hits though. Thank you for the help

    I wish someone would put this stuff in the man pages

    -----Original Message-----
    From: Camiel Dobbelaar [mailto:dobbexs4all.nl]
    Sent: Wednesday, April 04, 2001 2:17 AM
    To: Shawn
    Subject: RE: Question about sftp

    This came up before. You might want to hit the archives.

    If I remember correctly the 'fix' was to make the shell
    /usr/libexec/sftp-server 

    --
Cam

    On Wed, 4 Apr 2001, Shawn wrote:

    > Right, but then ssh fails entirely.  I need them to be able to use sftp
and
> that requires ssh.
>
> -----Original Message-----
> From: John Wright [mailto:johndryfish.org]
> Sent: Wednesday, April 04, 2001 1:42 AM
> To: Shawn
> Cc: techopenbsd.org
> Subject: Re: Question about sftp
>
>
> How about setting their shell to /sbin/nologin or /bin/false.  Sshd might
> need whichever you choose to be in /etc/shells but if they try to login
they
> won't get a shell.
>
>
>
> On Wed, Apr 04, 2001 at 12:30:59AM -0700, Shawn wrote:
> > I searched the archives and found nothing on this.  I've also read the
man
> > pages.  So here is the question.  Please let me know if I can find this
> > somewhere else.
> >
> > Is there any way of giving users access to sftp on my server without
> > allowing them to login via ssh?  I'm slightly concerned that somebody
> might
> > find a file or directory with the wrong perms.  I don't want them
messing
> > with stuff and I figure that if I have to give them a fully operable
shell
> > to login via sftp then it allows them to login via ssh and this is bad
in
> my
> > opinion.  Are there certain commands that are required of sftp that you
> have
> > to enable for the restricted shell?
> >
> > What I'm currently using is the rksh for users.  However I found that
that
> > won't allow sftp access.  I only have "ls mkdir rm scp" enabled for this
> > restricted shell.
> >
> > All help appreciated.  Even the worthless kind  ;-)
> >
> >
>
>
>