SSH Without SFTP
07-04-2007 01:50 PM
Is there any way I can give a user access to SSH but not to SFTP? I can give SFTP access without SSH, but I'm not quite sure of the reverse.
Usually, in my environment, some of the users are given telnet access but no FTP. So, when it was changed to use SSH, the SFTP connection should also be restricted for some users. And since FTP is different from SFTP, I don't quite know where to look here.
Can someone enlighten me? :)
Thanks,
=adley=
07-04-2007 01:53 PM
Re: SSH Without SFTP
07-04-2007 06:51 PM
Solution
To make the file access permissions work as expected, sshd starts this process using the user's identity (username & groups) after the authentication is completed.
By making the sftp-server binary not executable by some users, you could disable SFTP for them. Or you could build a wrapper for sftp-server that makes any checks you want before invoking the real sftp-server.
Use the "Subsystem" keyword in the sshd_config file to make sshd start your wrapper instead of the real sftp-server.
Note that this won't be a strong protection, but more like a way to "keep honest people honest". A person with sufficient UNIX knowledge will easily find a way to transfer a file regardless, if you don't use some sort of a restricted shell in addition to SFTP disabling.
Consider this:
tar cf - somedir | ssh somehost "cd /tmp; tar xvf -"
MK
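One way to build the wrapper MK describes, as an added example that is not part of the original thread. The install paths, the `sftp-wrapper` name and the `sftp.deny` list file are assumptions for illustration:

```sh
#!/bin/sh
# sftp-wrapper: refuse SFTP to listed users, hand everyone else to the real server.
# sshd_config entry (wrapper path is an assumption):
#   Subsystem sftp /opt/ssh/libexec/sftp-wrapper

# Both paths are assumptions; adjust to where your sshd keeps them.
REAL_SFTP_SERVER=${REAL_SFTP_SERVER:-/opt/ssh/libexec/sftp-server}
DENY_FILE=${DENY_FILE:-/opt/ssh/etc/sftp.deny}   # hypothetical deny list

# sftp_permitted USER FILE
# Returns 0 if USER may use SFTP, 1 if USER is listed in FILE.
# FILE holds one user name per line; blank lines and '#' comments are ignored.
# An unreadable FILE refuses everyone, so a missing list fails closed.
sftp_permitted() {
    [ -r "$2" ] || return 1
    if sed 's/#.*//' "$2" |
        awk -v u="$1" '($1 "") == (u "") { hit = 1 } END { exit !hit }'
    then
        return 1
    fi
    return 0
}

main() {
    # Ask the system who we are; $USER and $LOGNAME come from the environment
    # and can be changed by the user.
    user=$(id -un) || exit 1
    if sftp_permitted "$user" "$DENY_FILE"; then
        exec "$REAL_SFTP_SERVER" "$@"
    fi
    logger -p auth.notice -t sftp-wrapper "SFTP refused for user $user"
    exit 1
}

# Run only when installed under the wrapper's name, so the file can also be
# sourced to exercise sftp_permitted on its own.
case ${0##*/} in
    sftp-wrapper) main "$@" ;;
esac
```

Keep the wrapper and the deny list owned by root and not writable by the users they restrict. As MK notes, this only closes the SFTP subsystem and does not stop transfers through an ordinary shell.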
07-04-2007 07:29 PM
Re: SSH Without SFTP
viz. allow someone who mustn't login via ssh to still be able to do sftp transfers.
Honestly, I don't know if this is configurable at all since, as I understand it, ssh's facility to also grant secure ftp is merely a concession for ftp-stubborn users who are reluctant to learn the little how to use the ssh command.
As Matti mentioned, sftp seems completely redundant because you always can copy files like this (read/write permissions of source and target provided):
$ ssh me@remote 'cat > /my/remote/target' < /my/local/source
The AllowUser or DenyUser directives in sshd_config most likely can only be used to fend off certain users completely from using ssh (sftp included).
07-04-2007 11:09 PM
Re: SSH Without SFTP
Matti's solution is what I'm looking for.
Well, it's not perfect I know, but it's good enough.
=adley=