[TriLUG] sftp without shell access?
david.rosenstrauch at csfb.com
Wed Dec 7 10:17:10 EST 2005
> I only want to allow users to SFTP into their account and not
> let them
> have shell access in their account. Google has a couple choices:
> a fake shell:
> a restricted shell: http://www.pizzashack.org/rssh/index.shtml
> jailkit: http://olivier.sessink.nl/jailkit/
> Any recommendations or other solutions?
You might want to take a look at scponly too:
"how it works:
If you were to examine the arguments passed to a shell by sshd upon opening a remote connection, the structure of the argument vector invariably looks like this:
(shell name) -c (remote command)
scponly validates remote requests by examining the third argument. There is a configurable list of default programs permitted by scponly (with what i consider sane defaults)."
Please access the attached hyperlink for an important electronic communications disclaimer:
More information about the TriLUG