From: Doug Hardie
Date: Tue, 14 Dec 2004 10:45:58 -0800
To: f-questions List
Subject: Re: sftp and shell access
Message-Id: <652DF22E-4E00-11D9-B2B9-000393681B06@lafn.org>
In-Reply-To: <200412141011.23225.josh@tcbug.org>

On Dec 14, 2004, at 02:11, Josh Paetzel wrote:

> I am looking for a way to give a user an sftp account without giving
> them a shell. So far I've tried setting their shell
> to /sbin/nologin, but when they try to log in via sftp it gives them
> a "message to long" error.
>
> Any pointers would be appreciated...I've tried the FAQ, handbook and
> google so far.

sftp uses a ssh connection to tunnel to ftp. The connection is actually made to your ssh port.
There is also ftps which is ftp with ssh embedded in it (like https). With that the connection is actually made to the ftp server port. ftps is available in the ports (BSDftpd-ssl). Since it doesn't use ssh you can set the user to not have login capability.

Clients for ftps or sftp are not always easy to find. The web page for BSDftpd-ssl does list a number of compatible clients that are available. I suspect that sometime there will be a general shift to one of those approaches and the other will go away which would make it easier to find clients.
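
The "message to long" error from the quoted question, worked through as an added example that is not part of either poster's message: an sftp client reads the first four bytes it receives as a packet length, so any text a login shell prints on the channel is taken as an oversized packet. The 256 KiB limit is the one the OpenSSH sftp client applies; the nologin message text and both sample byte strings are constructed for illustration, and `check_first_bytes` is a hypothetical helper name.

```python
import struct

# Per-packet limit applied by the OpenSSH sftp client (256 KiB).
SFTP_MAX_MSG_LENGTH = 256 * 1024
SSH_FXP_VERSION = 2  # type byte of the server's first SFTP packet

# Constructed sample: text a nologin-style shell writes instead of SFTP data.
NOLOGIN_OUTPUT = b"This account is currently not available.\n"
# Constructed sample: a minimal SSH_FXP_VERSION packet announcing version 3.
VALID_VERSION = struct.pack(">IBI", 5, SSH_FXP_VERSION, 3)


def check_first_bytes(data: bytes) -> str:
    """Classify the first bytes an sftp client reads from the server side."""
    if len(data) < 4:
        return "short read: %d byte(s)" % len(data)
    # Every SFTP packet begins with a 4-byte big-endian length field.
    (msg_len,) = struct.unpack(">I", data[:4])
    if msg_len > SFTP_MAX_MSG_LENGTH:
        # Printable ASCII in the length field means a program printed text
        # (login shell, profile script, banner) where SFTP data was expected.
        seen = data[:4].decode("ascii", "replace")
        return "Received message too long %d (length bytes were %r)" % (msg_len, seen)
    if len(data) < 9:
        return "short read: %d byte(s)" % len(data)
    if data[4] != SSH_FXP_VERSION:
        return "unexpected packet type %d" % data[4]
    (version,) = struct.unpack(">I", data[5:9])
    return "ok: SFTP version %d" % version


if __name__ == "__main__":
    for name, sample in (("nologin", NOLOGIN_OUTPUT), ("sftp-server", VALID_VERSION)):
        print("%-12s %s" % (name, check_first_bytes(sample)))
```

The number in the first result is the ASCII string "This" read as a 32-bit integer, which is how a shell message shows up in the client's error.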