sFTP nologin
Peter Risdon
peter at circlesquared.com
Fri Mar 25 07:15:18 PST 2005
On Fri, 2005-03-25 at 09:19 -0500, Grant Peel wrote:
> Hi all,
>
> Going blind again.
>
> Is there a quick - secure way to allow the sshd sFTP subsystem to allows
> sftp connections without allowing shell accounts?
I can't answer this directly - I did look for the same thing but
couldn't see how to do it (so I'd be really interested if you finda
way). I got the feeling that it needs a shell by definition.
But when I was looking, I noticed that security/openssh-portable has the
make option:
WITH_OPENSSH_CHROOT
which doesn't seem to exist for security/openssh and maybe tightens
things up a bit.
Closer to what you want might be would be rssh, but I've never tried
using it so can't comment further:
#less /usr/ports/shells/rssh/pkg-descr
rssh is a Restricted Secure SHell that allow only the use of sftp or
scp.
It could be use when you need an account (and a valid shell) in order to
execute sftp or scp but when you don't want to give the possibility to
log
in to this user.
WWW: http://www.pizzashack.org/rssh/index.shtml
- enigmatyc
HTH
Peter.
More information about the freebsd-questions
mailing list