https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968018#M752808 I forgot: To restrict the users to their home you can use chroot of course.<BR /><BR />Chris<BR /><BR /><BR />Hint:<BR /><A href="http://www.linuxquestions.org/questions/showthread.php?s=&amp;threadid=46874&amp;highlight=chroot+ssh" target="_blank">http://www.linuxquestions.org/questions/showthread.php?s=&amp;threadid=46874&amp;highlight=chroot+ssh</A><BR /> Thu, 08 May 2003 04:54:36 GMT Christian Gebhardt 2003-05-08T04:54:36Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968016#M752806 i want to only allow sftp ability to users. <BR /><BR />i currently have openSSH with chroot patch installed.<BR /><BR />i would like for a user defined as follows to be able to sftp:<BR /><BR />cctest:xxx:100:200:comment:/home/user/./cctest:/usr/bin/ftponly<BR /><BR />thanks in advance,<BR /><BR /><BR />chris Wed, 07 May 2003 21:58:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968016#M752806 William Harris_3 2003-05-07T21:58:22Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968017#M752807 Hi <BR /><BR />you have to give the user the sftp-server as login-shell:<BR /><BR />cctest:xxx:100:200:comment:/home/user/./cctest:/opt/openssh2/libexec/sftp-server<BR /><BR />(this is my PATH to the sftp-server)<BR /><BR />Chris Thu, 08 May 2003 04:44:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968017#M752807 Christian Gebhardt 2003-05-08T04:44:16Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968018#M752808 I forgot: To restrict the users to their home you can use chroot of course.<BR /><BR />Chris<BR /><BR /><BR />Hint:<BR /><A href="http://www.linuxquestions.org/questions/showthread.php?s=&amp;threadid=46874&amp;highlight=chroot+ssh" target="_blank">http://www.linuxquestions.org/questions/showthread.php?s=&amp;threadid=46874&amp;highlight=chroot+ssh</A><BR /> Thu, 08 May 2003 04:54:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968018#M752808 Christian Gebhardt 2003-05-08T04:54:36Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968019#M752809 Hi,<BR /><BR />Iam using rssh for that purpose. <BR /><BR /><A href="http://www.pizzashack.org/rssh/index.shtml" target="_blank">http://www.pizzashack.org/rssh/index.shtml</A><BR /><BR />regards,<BR /><BR />U.SivaKumar<BR /><BR /> Thu, 08 May 2003 05:04:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968019#M752809 U.SivaKumar_2 2003-05-08T05:04:56Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968020#M752810 hi<BR /><BR />not sure with sftp, but this is what we do for ftp only users. the same logic can be applied for sftp as well.<BR /><BR />1. add /usr/bin/passwd to /etc/shells.<BR />2. user /usr/bin/passwd as the shell for all ftp only users.<BR /><BR />with this, in case the user needs to change passwd, he telnets to the server and after he logins, he is forced to change the password (if required).<BR /><BR />-balaji Thu, 08 May 2003 05:04:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968020#M752810 Balaji N 2003-05-08T05:04:59Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968021#M752811 Christian's method (of using sftp-server as the login shell) will work, but I believe you'll need to build openssh (and hence openssl and zlib) statically. I.e., for the openssh build, you would do:<BR /><BR />./configure --with-ldflags="-static" [other options] Thu, 08 May 2003 18:36:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-without-a-shell/m-p/2968021#M752811 Tim Maletic 2003-05-08T18:36:01Z