On Fri, 2003-08-08 at 14:27, Skibi de LaPies wrote:

> OK, that's not a problem, but when they have shell (/bin/sh) they can work
> remotely (that is not what I want) and when they do not have an interactive
> shell (entry in /etc/passwd shows /bin/false) they cannot log in either to
> ssh or sftp.

No, they can't. To access a machine through ssh, there must be a valid username, password, home directory, and shell. ssh is nothing more than a fancy telnet/rsh, and it has to be possible for the user to operate the machine before the ssh daemon can complete the connection. And sftp rides on ssh.

> Maybe I'm doing something wrong, because I use the default sftp service
> which is in OpenSSH:
> (/etc/ssh/sshd_config) Subsystem sftp /usr/libexec/openssh/sftp-server
> Maybe I should install a normal ftp server? (but the security case then?)

A normal ftp server wouldn't work either, and for the same reason. The ftp daemon logs you in (that works fine with no /bin/false as a shell), and then starts a shell to run its fileserver - that's where things fail.

> My ideal solution would be: leave /usr/bin/passwd as shell, access for users
> to their ftp accounts through sftp (client may be putty psftp.exe or
> something).
>
> How to achieve it?

I could never be considered a *nix guru, but I don't think it can be done using 'regular' components. What you need is either a special program that acts enough like a shell to make ssh happy, or a file serving daemon that doesn't use a shell.

In other words, I don't know.

--
Glenn English
[EMAIL PROTECTED]
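
A sketch of the "special program that acts enough like a shell" mentioned in the reply above. This is an added example, not part of the original message and not OpenSSH code: it relies on sshd starting a subsystem through the account's login shell as `<shell> -c <command>`, the function name `sftp_only_allowed` is hypothetical, and it assumes the Subsystem line carries no extra arguments.

```c
/* Minimal sftp-only login shell (added example; names are hypothetical). */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Path taken from the Subsystem line quoted in the message. */
#define SFTP_SERVER "/usr/libexec/openssh/sftp-server"

/* sshd runs subsystems and remote commands as: <login shell> -c "<command>".
 * Allow only that exact form with the exact sftp-server path. An interactive
 * login (no -c) or any other command is refused.
 * Returns 1 to allow, 0 to deny. */
int sftp_only_allowed(int argc, char *const argv[])
{
    if (argc != 3 || argv[1] == NULL || argv[2] == NULL)
        return 0;
    if (strcmp(argv[1], "-c") != 0)
        return 0;
    /* Exact match, not a prefix match, so a command with anything
     * appended after the path is rejected. */
    return strcmp(argv[2], SFTP_SERVER) == 0;
}

int main(int argc, char *argv[])
{
    char *const server_argv[] = { "sftp-server", NULL };

    if (!sftp_only_allowed(argc, argv)) {
        fprintf(stderr, "This account is restricted to sftp.\n");
        return 1;
    }
    /* Run the server directly, without handing the command string to
     * /bin/sh; the session environment built by sshd is kept. */
    execv(SFTP_SERVER, server_argv);
    perror("execv");   /* reached only if the exec failed */
    return 127;
}
```

The compiled binary would be set as the shell field in the account's /etc/passwd entry in place of /bin/sh or /bin/false.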