Re: sftp and shell access
Josh Paetzel wrote:
> I am looking for a way to give a user an sftp account without giving
> them a shell. So far I've tried setting their shell to /sbin/nologin,
> but when they try to log in via sftp it gives them a message too long
> error. Any pointers would be appreciated...I've tried the FAQ,
> handbook and google so far.

Hi,

I am using ports/shells/scponly for this purpose. It even comes with a
neat little script 'setup_chroot.sh' which automagically sets up a
chroot cage for your scp/sftp user (it will also create the user
itself). Have a look at the beginning of the port's Makefile for a list
of available options.

The only thing I couldn't get to work (I was in a hurry then) was
authentication with ssh-keys. If you get this one running, please be so
kind and drop me a line.

Simon
Re: sftp and shell access
On Tue, 14 Dec 2004 10:45:58 -0800, Doug Hardie [EMAIL PROTECTED] wrote:
> On Dec 14, 2004, at 02:11, Josh Paetzel wrote:
>> I am looking for a way to give a user an sftp account without giving
>> them a shell. So far I've tried setting their shell to /sbin/nologin,
>> but when they try to log in via sftp it gives them a message too long
>> error. Any pointers would be appreciated...I've tried the FAQ,
>> handbook and google so far.
>
> sftp uses a ssh connection to tunnel to ftp. The connection is
> actually made to your ssh port. There is also ftps which is ftp with
> ssh embedded in it (like https). With that the connection is actually
> made to the ftp server port. ftps is available in the ports
> (BSDftpd-ssl). Since it doesn't use ssh you can set the user to not
> have login capability.

Not to nit pick, but don't https and ftps encrypt data via SSL, not ssh?

-pete

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
sftp and shell access
I am looking for a way to give a user an sftp account without giving
them a shell. So far I've tried setting their shell to /sbin/nologin,
but when they try to log in via sftp it gives them a message too long
error. Any pointers would be appreciated...I've tried the FAQ, handbook
and google so far.

--
Thanks,
Josh Paetzel
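Added example, not part of the original thread: an sftp client reads the first four bytes it receives as a big-endian packet length, so text printed by the login shell in place of the SFTP server's first reply is what produces the "message too long" error described above. The banner wording, the sample packets and the function name diagnose_first_bytes are assumptions made for illustration.

```python
import struct

# Cap that OpenSSH's sftp client applies to a single packet
# (SFTP_MAX_MSG_LENGTH); other clients may use a different value.
SFTP_MAX_MSG_LENGTH = 256 * 1024
SSH_FXP_VERSION = 2  # packet type of the server's first reply

# Constructed sample: text a nologin-style shell might print (assumed wording).
NOLOGIN_BANNER = b"This account is currently not available.\n"
# Constructed sample: a well-formed SSH_FXP_VERSION reply for protocol 3.
VALID_REPLY = struct.pack(">IBI", 5, SSH_FXP_VERSION, 3)


def diagnose_first_bytes(stream: bytes) -> dict:
    """Interpret the server's first bytes the way an sftp client does."""
    if len(stream) < 5:
        return {"ok": False, "reason": "short read", "length": None}
    (length,) = struct.unpack(">I", stream[:4])
    if length > SFTP_MAX_MSG_LENGTH:
        reason = "message too long"
        # A length field made of printable ASCII means text was written
        # where a binary packet belonged (shell banner, echo in an rc file).
        if all(32 <= b < 127 for b in stream[:4]):
            reason += " (length field is ASCII %r)" % stream[:4].decode()
        return {"ok": False, "reason": reason, "length": length}
    if stream[4] != SSH_FXP_VERSION:
        return {"ok": False, "reason": "unexpected packet type",
                "length": length}
    return {"ok": True, "reason": "SSH_FXP_VERSION", "length": length}


if __name__ == "__main__":
    for name, data in (("nologin banner", NOLOGIN_BANNER),
                       ("valid reply", VALID_REPLY)):
        print(name, diagnose_first_bytes(data))
```

The same check explains why an echo in a shell startup file breaks sftp for an otherwise working account: any output before the subsystem starts is parsed as a length.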
Re: sftp and shell access
On 12/14/04 10:11 AM, Josh Paetzel sat at the `puter and typed:
> I am looking for a way to give a user an sftp account without giving
> them a shell. So far I've tried setting their shell to /sbin/nologin,
> but when they try to log in via sftp it gives them a message too long
> error. Any pointers would be appreciated...I've tried the FAQ,
> handbook and google so far.

Can you restrict external logins from /etc/login.access? You can do it
by username or group, i.e. ftponly. This should do it:

    # Disallow logins to all in the ftponly group
    -:ftponly:ALL

This should only affect shell logins, so ftp should still work.

--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Correspondence Corollary: An experiment may be considered a success if
no more than half your data must be discarded to obtain correspondence
with your theory.
RE: sftp and shell access
Someone broke the silence:
> I am looking for a way to give a user an sftp account without giving
> them a shell. So far I've tried setting their shell to /sbin/nologin,
> but when they try to log in via sftp it gives them a message too long
> error. Any pointers would be appreciated...I've tried the FAQ,
> handbook and google so far.

I have used scponly and rssh for those purposes. Both of them are in
the ports.

Chris
Re: sftp and shell access
On Dec 14, 2004, at 02:11, Josh Paetzel wrote:
> I am looking for a way to give a user an sftp account without giving
> them a shell. So far I've tried setting their shell to /sbin/nologin,
> but when they try to log in via sftp it gives them a message too long
> error. Any pointers would be appreciated...I've tried the FAQ,
> handbook and google so far.

sftp uses a ssh connection to tunnel to ftp. The connection is actually
made to your ssh port. There is also ftps which is ftp with ssh
embedded in it (like https). With that the connection is actually made
to the ftp server port. ftps is available in the ports (BSDftpd-ssl).
Since it doesn't use ssh you can set the user to not have login
capability.

Clients for ftps or sftp are not always easy to find. The web page for
BSDftpd-ssl does list a number of compatible clients that are
available. I suspect that sometime there will be a general shift to one
of those approaches and the other will go away, which would make it
easier to find clients.