Hello all, Here is our environment:
1. FreeBSD 5.1-RELEASE 1. proftpd running and a user account called 'sandy' is chrooted and working fine. 2. sshd version OpenSSH_3.6.1p1 FreeBSD-20030423 with DenyUsers for user account 'sandy'. Tested, sandy can not ssh to the system. This is also desired. # grep DenyUsers /etc/ssh/sshd_config DenyUsers sandy The setup we want is to have the followings: A. User can ftp. B. User can sftp but on ssh. C. User can only sftpd to the same chroot'ed directory which is also used for ftp. Here A is fine. B is not as DenyUsers does not let 'sandy' to user sftp-server defined in /etc/ssh/sshd_config as follows: Subsystem sftp /usr/libexec/sftp-server If I remove the user 'sandy' against the DenyUsers, it does let him to use both ssh and sftp sessions. This is working as designed. To make things more complicated, I cp the /sbin/nologin to /sbin/ftponly and placed in /etc/shells and removed against DenyUsers for 'sandy'. He initialize a ssh session and ends up in getting "This account is currently not available." which is good and also verified in the /var/log/auth.log file as: Dec 10 04:41:11 ftp sshd: Accepted password for sandy from x.x.x.x port 1287 ssh2 Dec 10 04:41:11 ftp sshd: session_input_channel_req: no session 0 req window-change and when starting a sftp session, no success either and /var/log/auth.log indicates: Dec 10 04:44:07 ftp sshd: Accepted password for sandy from x.x.x.x port 1296 ssh2 Dec 10 04:44:07 ftp sshd: subsystem request for sftp Moral of the story: Is it possible with the above environment that a system can act as an ftp and sftp servers only at the same time. If possibly it does, how some one chroot the environment like in proftpd for the DefaultRoot set to same in sftp session. Thank you for reading my first letter to this list! | | | | |===| |___| ).( \|/ S. Mohammad [EMAIL PROTECTED] '--- Who taught by the pen [96.04 Qur'an] _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"