On Wed, Sep 28, 2011 at 7:10 AM, David Walker <[email protected]> wrote:

> Hi Stefan.
>
> On 28/09/2011, Stefan Johnson <[email protected]> wrote:
> > Please disregard my last... gmail sent the email before I was finished
> > composing it.
>
> I figured as much.
>
> > Using false for your shell is okay for ftp. It is not for ssh/sftp.
>
> I kind of expect that SSH (the shell) either passes commands directly
> to the sftp-server or the sftp-server is enough of a shell to take
> over (in the same way that ftpd has enough vocabulary) ...
> In that sense it wouldn't seem useful to have another shell in play.
>

SSH isn't a shell. It is a protocol. In much the same sense as FTP is not a shell but a protocol. FTP is designed with file transfers in mind, and therefore handles file I/O without the need of a shell process to set up an environment, etc. SSH (and by extension, SFTP) need a valid shell to do that for you. I've seen an implementation of SSH that allows for /bin/false for sftp, but unless something changed and I missed it, OpenSSH does not.

> I'm not saying you're wrong but unless I get something definitive
> (e.g. a man page) I'll test it anyway.
>
> > Match User sftpuser
> > X11Forwarding no
> > AllowTcpForwarding no
> > ForceCommand internal-sftp
> > ChrootDirectory /home/sftpuser
> >
> > Where the user is named sftpuser and the home directory for the user is
> > /home/sftpuser.
>
> Yeah I got that bit worked out and I've got the forwarding commands
> globally.
>

If you intend to use logging, check the tail end of the man page for sftp-server as well. There is a blurb about needing to set something up for syslog in there.

Good luck!

Stefan Johnson
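
An added example, not part of the original thread and not OpenSSH code: a small Python check for the kind of Match block quoted above. It assumes the policy that every block setting ChrootDirectory must end up with ForceCommand internal-sftp and both forwarding options set to no, either in the block or globally. The function names, the second user and the sample config are constructed for illustration.

```python
import re

# Assumed policy for this example: keyword -> required first token of its value.
REQUIRED = {"forcecommand": "internal-sftp",
            "x11forwarding": "no", "allowtcpforwarding": "no"}

# Constructed sample; only the sftpuser block comes from the thread.
SAMPLE_CONFIG = """\
X11Forwarding no
AllowTcpForwarding no
Match User sftpuser
    ForceCommand internal-sftp
    ChrootDirectory /home/sftpuser
Match User uploads
    AllowTcpForwarding yes
    ChrootDirectory /home/uploads
"""

def parse_sshd_config(text):
    """Return (global_settings, [(match_criteria, settings), ...])."""
    global_settings, blocks = {}, []
    target = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single '='.
        keyword, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        if keyword.lower() == "match":
            target = {}
            blocks.append((value.strip(), target))
        else:
            target.setdefault(keyword.lower(), value.strip())  # first value wins
    return global_settings, blocks

def audit_chroot_blocks(text):
    """Map each Match block that sets ChrootDirectory to a list of findings."""
    global_settings, blocks = parse_sshd_config(text)
    report = {}
    for criteria, settings in blocks:
        if "chrootdirectory" not in settings:
            continue
        effective = {**global_settings, **settings}  # block overrides global
        findings = []
        for keyword, wanted in REQUIRED.items():
            got = (effective.get(keyword) or "(unset)").split()[0].lower()
            if got != wanted:
                findings.append(f"{keyword} is {got}, expected {wanted}")
        report[criteria] = findings
    return report
```

A keyword that is not set anywhere is reported as `(unset)` rather than resolved to the sshd default, so the result does not depend on the installed version's defaults.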

