[TriLUG] sftp without shell access?
Rosenstrauch, David
david.rosenstrauch at csfb.com
Wed Dec 7 10:17:10 EST 2005
> I only want to allow users to SFTP into their account and not
> let them
> have shell access in their account. Google has a couple choices:
>
> a fake shell:
> http://lists.suse.com/archive/suse-security/2002-Mar/0351.html
> a restricted shell: http://www.pizzashack.org/rssh/index.shtml
> jailkit: http://olivier.sessink.nl/jailkit/
>
> Any recommendations or other solutions?
>
> danke,
> Scott
You might want to take a look at scponly too:
"how it works:
If you were to examine the arguments passed to a shell by sshd upon opening a remote connection, the structure of the argument vector invariably looks like this:
(shell name) -c (remote command)
scponly validates remote requests by examining the third argument. There is a configurable list of default programs permitted by scponly (with what i consider sane defaults)."
http://www.sublimation.org/scponly/
DR
==============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer:
http://www.csfb.com/legal_terms/disclaimer_external_email.shtml
==============================================================================
More information about the TriLUG
mailing list