[TriLUG] sftp without shell access?
Matt McGrievy
mcgrievy at email.unc.edu
Wed Dec 7 10:26:17 EST 2005
One option is to set the shell to be the sftp-server (don't forget to
add it to /etc/shells). The only problem with that is it doesn't chroot
them. So they could still wander around the file system with sftp
client. You can find various patches to implement the chroot if you
google for "sftp chroot." One of them is here:
http://chrootssh.sourceforge.net/index.php
-Matt
Scott Lundgren wrote:
> I only want to allow users to SFTP into their account and not let them
> have shell access in their account. Google has a couple choices:
>
> a fake shell:
> http://lists.suse.com/archive/suse-security/2002-Mar/0351.html
> a restricted shell: http://www.pizzashack.org/rssh/index.shtml
> jailkit: http://olivier.sessink.nl/jailkit/
>
> Any recommendations or other solutions?
>
> danke,
> Scott
>
More information about the TriLUG
mailing list