[ale] Restricting users to sftp

Beddingfield, Allen allen at ua.edu
Thu May 28 10:31:04 EDT 2015


Yeah, we’ve been playing with trying to get it working on SLES 12 here...
--
Allen Beddingfield
Systems Engineer
The University of Alabama









On 5/28/15, 9:29 AM, "ale-bounces at ale.org on behalf of Jim Kinney" <ale-bounces at ale.org on behalf of jim.kinney at gmail.com> wrote:

>Ah. Read the mailing list threads. Not quite abandoned but pretty much
>so.
>
>Maybe a RedHat or SuSe team can pick it up as their commercial stuff
>benefits from the security aspects of rssh.
>
>On Thu, 2015-05-28 at 14:09 +0000, Beddingfield, Allen wrote:
>> For years now, we have been using RSSH to restrict users to sftp-only
>> on our web servers.  
>> http://www.pizzashack.org/rssh/
>> Unfortunately, this is pretty much an abandoned project, now.  
>> The way it works is that you just change the user’s shell to rssh, and
>> sftp/scp is the only thing allowed. You can also set a umask in the
>> rssh.conf file  in /etc
>> I’m looking for a way to do this without using RSSH. I see
>> instructions for sftp-only/chroot for OpenSSH,but that seems a little
>> much for what we are wanting to accomplish.  My only goal is the
>> prevent shell access – I don’t need the chroot setup.
>> Any clever ideas?
>> Thanks.
>> Allen B.
>> --
>> Allen Beddingfield
>> Systems Engineer
>> The University of Alabama
>> 
>> 
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
>-- 
>James P. Kinney III
>
>Every time you stop a school, you will have to build a jail. What you
>gain at one end you lose at the other. It's like feeding a dog on his
>own tail. It won't fatten the dog.
>- Speech 11/23/1900 Mark Twain
>
>http://heretothereideas.blogspot.com/
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://mail.ale.org/mailman/listinfo/ale
>See JOBS, ANNOUNCE and SCHOOLS lists at
>http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list