rksh is available on AIX 5.x, and it works fine with ssh and scp, however
it does not allow you to cd (including subdirectories) and does not allow you
to run a command with a leading "/", so you cannot spawn the sftp process.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Jeremy C. Reed
Sent: Tuesday, November 20, 2007 11:03 AM
To: Rob Sherry
Cc: secureshell@securityfocus.com; secureshell-return-9680@securityfocus.com
Subject: Re: Restricted (ksh -r) shell and SSH on AIX5.1

> Set user's shell to /usr/bin/ksh -r)
>
> Now, every time he tries to log in via either ssh *or* sftp, I get the
> following showing up in the syslog:
>
> Nov 19 10:21:09 hostname sshd[811106]: User bogus not allowed because
> shell /usr/bin/ksh -r is not executable


It is literally with a space and -r. You don't use command line arguments in
the passwd(5) file.

> Anyone have any ideas? Am I missing something stupidly simple? (and
> yes, /usr/bin/ksh *is* executable)


ls -l "/usr/bin/ksh -r"

Maybe you can make a script rksh that runs ksh -r. Some systems already have
a rksh for restricted ksh. (Check if you already have rksh.)
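
The check suggested above (`ls -l "/usr/bin/ksh -r"`) can be run over every account at once. The following is an added example, not part of the original thread: it reads a passwd(5)-format file and reports each entry whose shell field, taken literally as a single path, is not an executable regular file. The function name `audit_shells` and the sample entries are constructed for illustration, and `/bin/sh` stands in for the ksh path so the sample runs on any system.

```shell
#!/bin/sh
# Added example: find passwd(5) entries whose shell field is not an
# executable regular file when the whole field is treated as one path,
# e.g. "/usr/bin/ksh -r" (arguments are not parsed out of this field).

# audit_shells FILE  -> prints "user:shell" for each offending entry
audit_shells() {
    # Field 7 is the login shell; read puts the rest of the line there.
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        # Skip blank lines and comment lines.
        case "$user" in ''|'#'*) continue ;; esac
        # An empty shell field means the system default shell; not flagged.
        [ -z "$shell" ] && continue
        # The complete field must name an existing, executable regular file.
        if [ ! -f "$shell" ] || [ ! -x "$shell" ]; then
            printf '%s:%s\n' "$user" "$shell"
        fi
    done < "$1"
}

# Constructed sample input (not real account data).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:!:0:0::/:/bin/sh
bogus:!:205:1::/home/bogus:/bin/sh -r
EOF

audit_shells "$sample"    # reports only the "bogus" entry
rm -f "$sample"
```

On a live system the function can be pointed at `/etc/passwd`; any account it reports is one whose login would be refused over the shell field, as in the syslog line quoted above.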