Possible feature request - SSH


  1. Possible feature request

    Is there an "official" way (without user-made scripts or playing tricks with
    login shells) to enable only SFTP and not an ssh shell for a given user? i.e.
    something in the server config file along the lines of:

    sftponly foobar1 foobar2
    (or for shells only)
    shellonly foobar3 foobar4


    I know this has been brought up before in various forms in this newsgroup and
    it seems like for some people (me included) this functionality would be
    appreciated. From a programming standpoint, this wouldn't be tooooo hard to add
    to openssh would it?

    ~David~

  2. Re: Possible feature request

    >>>>> "David" == ~David~ writes:

    David> Is there an "official" way (without user-made scripts or
    David> playing tricks with login shells) to enable only SFTP and not
    David> an ssh shell for a given user? i.e. something in the server
    David> config file along the lines of:

    David> sftponly foobar1 foobar2 (or for shells only) shellonly foobar3
    David> foobar4

    The easiest way is to require publickey authentication and use a forced
    command -- however, you then have to be careful to prevent the user from
    modifying his own authorization file. But there's nothing direct. Other
    implementations have more fine-grained control over what kind of channels
    the client is allowed to open; the VanDyke SSH server can do this.

    --
    Richard Silverman
    res@qoxp.net
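
The setup described in the reply above (publickey authentication, a forced command, and a key file the user cannot edit), as an added audit script that is not part of the original thread. The sftp-server path, the root-owned key-file location shown in the comments, and the function names are assumptions; the sample key lines in any test input are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the forced-command setup.
# Assumed sshd_config, so key files live outside the users' home directories:
#   AuthorizedKeysFile /etc/ssh/authorized_keys/%u
#   PasswordAuthentication no
SFTP_SERVER="${SFTP_SERVER:-/usr/libexec/openssh/sftp-server}"  # assumed path

# keys_are_sftp_only FILE
# Succeeds only if every key line starts with an options field that forces
# command="$SFTP_SERVER" and also sets no-pty and no-port-forwarding.
# A forced command containing spaces is reported too (fails closed), and a
# file with no keys at all is treated as a failure.
keys_are_sftp_only() {
    awk -v cmd="command=\"$SFTP_SERVER\"" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            opts = $1                           # options come before the key type
            ok = index(opts, cmd) && index(opts, "no-pty") &&
                 index(opts, "no-port-forwarding")
            if (!ok) { printf "line %d: key is not restricted to sftp\n", NR; bad = 1 }
            n++
        }
        END { exit (bad || n == 0) ? 1 : 0 }
    ' "$1"
}

# user_cannot_modify USER PATH...
# Succeeds only if every PATH exists, is not owned by USER, and is not
# group- or world-writable. Pass the key file and its parent directory:
# a user who owns the directory can replace the file and drop the command.
user_cannot_modify() {
    _u=$1; shift
    for _p in "$@"; do
        [ -e "$_p" ] || return 1
        _hit=$(find "$_p" -prune \( -user "$_u" -o -perm -020 -o -perm -002 \))
        [ -z "$_hit" ] || { echo "$_p: modifiable by $_u or others"; return 1; }
    done
}

# Usage: audit.sh USER KEYFILE
if [ "$#" -eq 2 ]; then
    keys_are_sftp_only "$2" &&
        user_cannot_modify "$1" "$2" "$(dirname "$2")" &&
        echo "OK: $1 is limited to sftp by $2"
fi
```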

