[TriLUG] sftp without shell access?

Matt McGrievy mcgrievy at email.unc.edu
Wed Dec 7 10:26:17 EST 2005


One option is to set the shell to be the sftp-server (don't forget to 
add it to /etc/shells).  The only problem with that is it doesn't chroot 
them.  So they could still wander around the file system with sftp 
client.  You can find various patches to implement the chroot if you 
google for "sftp chroot."  One of them is here:

http://chrootssh.sourceforge.net/index.php

-Matt

Scott Lundgren wrote:
> I only want to allow users to SFTP into their account and not let them 
> have shell access in their account. Google has a couple choices:
> 
> a fake shell: 
> http://lists.suse.com/archive/suse-security/2002-Mar/0351.html
> a restricted shell: http://www.pizzashack.org/rssh/index.shtml
> jailkit: http://olivier.sessink.nl/jailkit/
> 
> Any recommendations or other solutions?
> 
> danke,
> Scott
> 



More information about the TriLUG mailing list