Date: Fri, 25 Mar 2005 15:15:04 +0000
From: Peter Risdon <peter@circlesquared.com>
To: Grant Peel <gpeel@thenetnow.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: sFTP nologin
Message-ID: <1111763704.756.338.camel@lorna.circlesquared.com>
In-Reply-To: <002c01c53145$b9c64390$6401a8c0@GRANT>
References: <002c01c53145$b9c64390$6401a8c0@GRANT>

On Fri, 2005-03-25 at 09:19 -0500, Grant Peel wrote:
> Hi all,
>
> Going blind again.
>
> Is there a quick - secure way to allow the sshd sFTP subsystem to allow
> sftp connections without allowing shell accounts?

I can't answer this directly - I did look for the same thing but
couldn't see how to do it (so I'd be really interested if you find a
way). I got the feeling that it needs a shell by definition.

But when I was looking, I noticed that security/openssh-portable has the
make option:

WITH_OPENSSH_CHROOT

which doesn't seem to exist for security/openssh and maybe tightens
things up a bit.

Closer to what you want might be rssh, but I've never tried using it so
can't comment further:

#less /usr/ports/shells/rssh/pkg-descr

rssh is a Restricted Secure SHell that allow only the use of sftp or
scp. It could be use when you need an account (and a valid shell) in
order to execute sftp or scp but when you don't want to give the
possibility to log in to this user.

WWW: http://www.pizzashack.org/rssh/index.shtml

- enigmatyc

HTH

Peter.