Hi, Try this:
http://www.debian-administration.org/articles/94 --snip-- Add user as usually and assign him a password. Then run the following command (replace the 'username' with real user name): [EMAIL PROTECTED] # usermod -s /usr/lib/sftp-server username This changes user's shell to sftp-server. The last step for this to work is to add '/usr/lib/sftp-server' to /etc/shells to make it a valid shell, eg. like this: [EMAIL PROTECTED] # echo '/usr/lib/stfp-server' >> /etc/shells There. Now you've setup a user who can only access your server with SFTP. --snip-- Cheers, Sven -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Amos Shapira Gesendet: Montag, 14. April 2008 12:18 An: Slug Betreff: [SLUG] restricting ssh private key to access sftp only Hello, I'm setting up a script which uses sftp to manipulate remote files through ssh. I created a private/public key pair for it without a pass phrase on it, installed the public key on the remote server and now I can use both "ssh" and "sftp" to login to it. I'd like to restrict this key to be able to use only "sftp" and nothing else. According to "man sshd", the "command" option should do that: command="command" Specifies that the command is executed whenever this key is used for authentication. ...Note that this option applies to shell, command or subsystem execution. So I added a "command="sftp"" to that key's line but this causes the entire session to abort. When I remove the "command" part I can use sftp and ssh again. Can anyone give an example on how can I do this? Thanks, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
