From: Peter Risdon
To: Eric McCoy
cc: Grant Peel
cc: "freebsd-questions@freebsd.org"
Subject: Re: sFTP nologin
Date: Fri, 25 Mar 2005 16:09:24 +0000
Message-Id: <1111766964.756.343.camel@lorna.circlesquared.com>

On Fri, 2005-03-25 at 10:59 -0500, Eric McCoy wrote:
> Grant Peel wrote:
> > Is there a quick - secure way to allow the sshd sFTP subsystem to allow
> > sftp connections without allowing shell accounts?
>
> Create the account and set its shell to /sbin/nologin. You can safely
> add that to /etc/shells: it does its name and just prints a terse
> message before booting the user if he tries to connect via vanilla SSH.

Hmmm... I tried that myself before and it didn't work. I get:

Received message too long 1416128883

from sftp if I try to log in to an account with /sbin/nologin as the
shell.

That's why I suggested rssh to the OP.

Peter.
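
An added example, not part of the original message: every SFTP packet starts with a 4-byte big-endian length, so the number in the error above can be turned back into the four bytes the client actually received, which here are ASCII text rather than a packet header. The function names, the sample byte strings and the 256 KiB client limit are assumptions made for this illustration.

```python
import re
import struct

# Assumption: OpenSSH's sftp client refuses any packet longer than 256 KiB.
SFTP_MAX_MSG_LENGTH = 256 * 1024
ERROR_RE = re.compile(r"Received message too long (\d+)")


def first_packet_length(stream: bytes) -> int:
    """Read the 4-byte big-endian length that starts every SFTP packet."""
    if len(stream) < 4:
        raise ValueError("need at least 4 bytes")
    return struct.unpack(">I", stream[:4])[0]


def explain_error(error_line: str):
    """Turn the reported length back into the 4 bytes the client received."""
    match = ERROR_RE.search(error_line)
    if match is None or int(match.group(1)) > 0xFFFFFFFF:
        return None
    length = int(match.group(1))
    raw = struct.pack(">I", length)
    # Four printable ASCII bytes mean text reached the client, not a header.
    is_text = all(0x20 <= b < 0x7F or b in b"\t\r\n" for b in raw)
    return {
        "length": length,
        "raw": raw,
        "text": raw.decode("ascii") if is_text else None,
        "over_limit": length > SFTP_MAX_MSG_LENGTH,
    }


# Error line quoted in the message above.
REPORTED = "Received message too long 1416128883"
# Constructed samples: text printed by a login shell, and a well-formed
# SSH_FXP_VERSION reply (length 5, type 2, protocol version 3).
SHELL_OUTPUT = b"This text came from the login shell, not sftp-server\n"
VERSION_PACKET = struct.pack(">IBI", 5, 2, 3)

if __name__ == "__main__":
    print(explain_error(REPORTED))
    print(first_packet_length(SHELL_OUTPUT), first_packet_length(VERSION_PACKET))
```

The decoded bytes spell "This", so the client was handed text printed by the account's shell where it expected the sftp-server handshake.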