Date:      Tue, 14 Dec 2004 10:45:58 -0800
From:      Doug Hardie <bc979@lafn.org>
To:        f-questions List <freebsd-questions@freebsd.org>
Subject:   Re: sftp and shell access
Message-ID:  <652DF22E-4E00-11D9-B2B9-000393681B06@lafn.org>
In-Reply-To: <200412141011.23225.josh@tcbug.org>
References:  <200412141011.23225.josh@tcbug.org>


On Dec 14, 2004, at 02:11, Josh Paetzel wrote:

> I am looking for a way to give a user an sftp account without giving
> them a shell.  So far I've tried setting their shell
> to /sbin/nologin, but when they try to log in via sftp it gives them
> a "message to long" error.
>
> Any pointers would be appreciated...I've tried the FAQ, handbook and
> google so far.

sftp uses an ssh connection to tunnel to ftp.  The connection is
actually made to your ssh port.  There is also ftps which is ftp with
ssh imbedded in it (like https).  With that the connection is actually
made to the ftp server port.  ftps is available in the ports
(BSDftpd-ssl).  Since it doesn't use ssh you can set the user to not
have login capability.

Clients for ftps or sftp are not always easy to find.  The web page for
BSDftpd-ssl does list a number of compatible clients that are
available.  I suspect that sometime there will be a general shift to
one of those approaches and the other will go away which would make it
easier to find clients.
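
Added example, not part of the original message or of any project named in it: a small diagnostic showing how text printed by a login shell such as /sbin/nologin gets read as an SFTP packet length, which is one way the "too long" error in the question arises. The banner string, the 256 KiB limit and the function name are assumptions made for this illustration.

```python
import struct

# Assumed per-packet ceiling for this example; OpenSSH's sftp code uses 256 KiB.
MAX_PACKET = 256 * 1024
SSH_FXP_VERSION = 2  # packet type a server sends first in the SFTP handshake

# Constructed sample inputs (not captured from a real session).
NOLOGIN_BANNER = b"This account is currently not available.\n"
VERSION_PACKET = struct.pack(">IBI", 5, SSH_FXP_VERSION, 3)


def inspect_first_bytes(data: bytes) -> dict:
    """Read the start of the server stream as an SFTP client would.

    Every SFTP packet is framed as: uint32 length (big-endian), then a
    one-byte type, then the payload.
    """
    if len(data) < 9:
        return {"ok": False, "reason": "short read", "length": None}
    (length,) = struct.unpack(">I", data[:4])
    if length > MAX_PACKET:
        # Printable bytes here mean a program wrote text where the
        # protocol expected a binary header.
        leaked = data.split(b"\n", 1)[0].decode("ascii", "replace")
        return {"ok": False, "reason": "message too long",
                "length": length, "leaked_text": leaked}
    if data[4] != SSH_FXP_VERSION:
        return {"ok": False, "reason": "unexpected packet type",
                "length": length}
    (version,) = struct.unpack(">I", data[5:9])
    return {"ok": True, "reason": "version packet",
            "length": length, "version": version}


if __name__ == "__main__":
    for name, sample in (("nologin banner", NOLOGIN_BANNER),
                         ("version packet", VERSION_PACKET)):
        print(name, inspect_first_bytes(sample))
```

The first four bytes of the banner, "This", decode to a length far above the limit, so the client gives up before any file transfer starts; the same check applies to any output a shell startup file writes on a non-interactive session.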


