restrict ssh access

Paul Schmehl pauls at
Fri Apr 25 19:30:33 UTC 2008

--On Friday, April 25, 2008 16:41:07 +0000 D Hill <d.hill at> 

> On Fri, 25 Apr 2008 at 09:30 -0700, cswiger at confabulated:
>> On Apr 25, 2008, at 6:46 AM, Geert Geurts wrote:
>>> I've got a server running a ssh server, I want to enable ssh for the use
>>> of sftp by a group of users, and limit their ssh access to just allow
>>> running passwd so they can change their default password. What whould be
>>> the best/easiest way to acomplish this, or something similiar?
>> I wonder what would happen if you gave them a shell of "/usr/bin/passwd"...?
>> :-)
> That should work. I just tested. When an ssh connection is made, it executes
> passwd. As soon as the password is changed, the ssh connection was closed:
>    %ssh -l asdf
>    Password:
>    ...
>    Changing local password for asdf
>    Old Password:
>    New Password:
>    Retype New Password:
>    Connection to closed.

Should make for some fascinating experiences with sftp.  :-)

Paul Schmehl (pauls at
Senior Information Security Analyst
The University of Texas at Dallas

More information about the freebsd-questions mailing list