[TriLUG] sftp without shell access?

Rosenstrauch, David david.rosenstrauch at csfb.com
Wed Dec 7 10:17:10 EST 2005



> I only want to allow users to SFTP into their account and not 
> let them 
> have shell access in their account. Google has a couple choices:
> 
> a fake shell: 
> http://lists.suse.com/archive/suse-security/2002-Mar/0351.html
> a restricted shell: http://www.pizzashack.org/rssh/index.shtml
> jailkit: http://olivier.sessink.nl/jailkit/
> 
> Any recommendations or other solutions?
> 
> danke,
> Scott


You might want to take a look at scponly too:

"how it works:
If you were to examine the arguments passed to a shell by sshd upon opening a remote connection, the structure of the argument vector invariably looks like this:

(shell name) -c (remote command)

scponly validates remote requests by examining the third argument. There is a configurable list of default programs permitted by scponly (with what i consider sane defaults)."

http://www.sublimation.org/scponly/


DR

==============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer: 

http://www.csfb.com/legal_terms/disclaimer_external_email.shtml

==============================================================================




More information about the TriLUG mailing list