
Re: sftp without a shell

 
William Harris_3
Occasional Contributor

sftp without a shell

I want to only allow sftp ability to users.

I currently have OpenSSH with the chroot patch installed.

I would like for a user defined as follows to be able to sftp:

cctest:xxx:100:200:comment:/home/user/./cctest:/usr/bin/ftponly

thanks in advance,


chris
Christian Gebhardt
Honored Contributor
Solution

Re: sftp without a shell

Hi

You have to give the user the sftp-server as login shell:

cctest:xxx:100:200:comment:/home/user/./cctest:/opt/openssh2/libexec/sftp-server

(this is my PATH to the sftp-server)

Chris
Christian Gebhardt
Honored Contributor

Re: sftp without a shell

I forgot: To restrict the users to their home you can use chroot of course.

Chris


Hint:
http://www.linuxquestions.org/questions/showthread.php?s=&threadid=46874&highlight=chroot+ssh
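
An added example, not part of any post in this thread: a small POSIX shell check that reads passwd-format entries and reports accounts that carry the chroot patch's "/./" home marker but do not have sftp-server as the login shell. The function names and the accounts cctest2, cctest3 and admin are constructed for illustration.

```shell
# Assumption: the chroot patch marks the jail root with "/./" in the home
# field, as in the passwd entries posted in this thread.

# classify_entry LINE -> prints "user:login=<kind>:chroot=<yes|no>"
classify_entry() {
    line=$1
    # A valid passwd entry has exactly 7 colon-separated fields.
    nf=$(printf '%s\n' "$line" | awk -F: '{print NF}')
    if [ "$nf" -ne 7 ]; then
        printf 'malformed\n'
        return 1
    fi
    user=$(printf '%s\n' "$line" | cut -d: -f1)
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    case $shell in
        '')            kind=interactive ;;  # empty field: system default shell
        */sftp-server) kind=sftp-only ;;
        *)             kind=other ;;
    esac
    case $home in
        */./*) chroot=yes ;;
        *)     chroot=no ;;
    esac
    printf '%s:login=%s:chroot=%s\n' "$user" "$kind" "$chroot"
}

# audit_passwd: read passwd-format lines on stdin and print the entries that
# carry the chroot marker but do not have sftp-server as the login shell.
audit_passwd() {
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        result=$(classify_entry "$entry") || continue
        case $result in
            *:login=sftp-only:*) ;;
            *:chroot=yes) printf '%s\n' "$result" ;;
        esac
    done
}

# Constructed sample input; the first line is the entry from the thread.
SAMPLE='cctest:xxx:100:200:comment:/home/user/./cctest:/opt/openssh2/libexec/sftp-server
cctest2:xxx:101:200:comment:/home/user/./cctest2:/usr/bin/ftponly
cctest3:xxx:102:200:comment:/home/user/./cctest3:
admin:xxx:103:20:comment:/home/admin:/usr/bin/sh'

audit_sample() { printf '%s\n' "$SAMPLE" | audit_passwd; }
audit_sample
```

To check a live system, feed the real file in with `audit_passwd < /etc/passwd`; entries reported as `other` need a manual look at what the listed shell permits.
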
U.SivaKumar_2
Honored Contributor

Re: sftp without a shell

Hi,

I am using rssh for that purpose.

http://www.pizzashack.org/rssh/index.shtml

regards,

U.SivaKumar

Innovations are made when conventions are broken
Balaji N
Honored Contributor

Re: sftp without a shell

hi

Not sure with sftp, but this is what we do for ftp-only users. The same logic can be applied for sftp as well.

1. Add /usr/bin/passwd to /etc/shells.
2. Use /usr/bin/passwd as the shell for all ftp-only users.

With this, in case the user needs to change passwd, he telnets to the server and after he logs in, he is forced to change the password (if required).

-balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
Tim Maletic
Valued Contributor

Re: sftp without a shell

Christian's method (of using sftp-server as the login shell) will work, but I believe you'll need to build openssh (and hence openssl and zlib) statically. I.e., for the openssh build, you would do:

./configure --with-ldflags="-static" [other options]