SFTP to /bin/false account?
Derek Martin
invalid at pizzashack.org
Mon Mar 15 14:23:01 EST 2004
On Mon, Mar 15, 2004 at 11:41:30AM -0500, Cole Tuininga wrote:
>
> Does anybody know if it's possible to get sshd to handle sftp
> connections to a "shell-less" account correctly? I'd like to let users
> upload files, but am a stickler for not giving out shell accounts unless
> absolutely necessary.

It is NOT possible. Both scp and sftp require the user to have a
valid shell in order to work. The reason is because sshd uses the
shell to set up the user's environment and eventually exec either the
scp binary, or the sftp-server binary on the remote system.

The good news is, you can still get what you want. I wrote a dummy
shell called rssh which does this for you. It can even handle
chrooting the user to a jail, if you can set up a chroot jail
properly. I include some documentation on how to set up a jail, but
the specifics are, well, somewhat system-specific. :) If you're on a
recent Red Hat system, the instructions should basically work for you.
If you're not, you'll have to make modifications as necessary.

You can get rssh here:

http://www.pizzashack.org/rssh/

[Though, the files are actually hosted on the sourceforge site.]

--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
Despite the ever-increasing complexities of human society and the advancement
of science and technology, the most perplexing problems that face most people
remain what to eat for lunch today, and who to sleep with tonight.
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail. Sorry for the inconvenience. Thank the spammers.
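
Added example (not part of the original message, and not rssh's code): a sketch of the allow-list decision a dummy login shell has to make, given that sshd starts the account's shell with -c and the command string for scp and sftp. The function names and the SFTP_SERVER and SCP paths are assumptions; the sftp path must match the Subsystem line in sshd_config, assumed here to carry no arguments.

```shell
#!/bin/sh
# Added illustration, not rssh's code. sshd runs the account's login shell as
#   <shell> -c "<command>"   for scp and for the sftp subsystem,
#   <shell>                  (no -c) for an interactive login.
LC_ALL=C   # keep the A-Z / a-z ranges below byte-exact
SFTP_SERVER=${SFTP_SERVER:-/usr/libexec/openssh/sftp-server}   # assumed path
SCP=${SCP:-/usr/bin/scp}                                       # assumed path

# classify_request ARGS... : prints "sftp", "scp" or "deny" for the argv sshd passed.
classify_request() {
    # Only the exact form  -c "<command>"  is considered; interactive logins are denied.
    [ "$#" -eq 2 ] && [ "$1" = "-c" ] || { echo deny; return; }
    cmd=$2
    # Allow-list of characters: anything else (quotes, ;, |, $, newline...) is refused,
    # so the string is never interpreted by a real shell.
    case $cmd in *[!A-Za-z0-9._/[:blank:]-]*) echo deny; return ;; esac
    [ "$cmd" = "$SFTP_SERVER" ] && { echo sftp; return; }
    set -f; set -- $cmd; set +f        # split on blanks, no globbing
    [ "$1" = scp ] || { echo deny; return; }
    shift; mode=
    while [ "$#" -gt 1 ]; do           # every word before the last must be a known flag
        case $1 in
            -t|-f)    mode=$1 ;;       # sink / source mode used by the remote side of scp
            -r|-p|-d) ;;
            *)        echo deny; return ;;
        esac
        shift
    done
    case $1 in -*|'') echo deny; return ;; esac   # last word is the path, not an option
    [ -n "$mode" ] && echo scp || echo deny
}

# restricted_shell ARGS... : act on the verdict; a real wrapper would end with
#   restricted_shell "$@"
restricted_shell() {
    case $(classify_request "$@") in
        sftp) exec "$SFTP_SERVER" ;;
        scp)  set -f; set -- $2; shift; exec "$SCP" "$@" ;;   # fixed binary, validated args
        *)    echo "This account is restricted to sftp and scp." >&2; return 1 ;;
    esac
}
```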
More information about the gnhlug-discuss
mailing list