[ale] Restricting users to sftp

Michael Trausch mike at trausch.us
Fri May 29 09:22:14 EDT 2015


Assign forced command ssh keys. All ssh subsystems are standalone executables; you can easily force an incoming connection to only allow sftp, IMAP, or any other command on the system. Prohibit PTY allocation as well. See the man pages for the authorized_keys files. You can force these either in ~/.ssh or more securely in the sshd global config file. Either way, ensure the user has no delete or write access to the file, or they can change it.

Sent from my iPhone

> On May 28, 2015, at 10:09 AM, Beddingfield, Allen <allen at ua.edu> wrote:
> 
> For years now, we have been using RSSH to restrict users to sftp-only on our web servers.  
> http://www.pizzashack.org/rssh/
> Unfortunately, this is pretty much an abandoned project, now.  
> The way it works is that you just change the user’s shell to rssh, and sftp/scp is the only thing allowed. You can also set a umask in the rssh.conf file in /etc.
> I’m looking for a way to do this without using RSSH. I see instructions for sftp-only/chroot for OpenSSH, but that seems a little much for what we are wanting to accomplish. My only goal is to prevent shell access – I don’t need the chroot setup.
> Any clever ideas?
> Thanks.
> Allen B.
> --
> Allen Beddingfield
> Systems Engineer
> The University of Alabama
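The setup described in the reply above, written out as an added example that is not part of the original thread: a global sshd_config block that forces sftp and prohibits PTY allocation for one group, with keys kept in a root-owned file the user cannot change. The group name `sftponly`, the key directory `/etc/ssh/authorized_keys`, the user `alice` and the umask value are assumptions.

```sshdconfig
# /etc/ssh/sshd_config (excerpt). Added example; group, paths and user
# names below are assumptions, not taken from the thread.
# Assumes the stock "Subsystem sftp ..." line is still present above.

# Keys live in a root-owned directory, so members of the restricted group
# cannot edit or delete their own entry:
#   install -d -o root -g root -m 0755 /etc/ssh/authorized_keys
#   install -o root -g root -m 0644 alice.pub /etc/ssh/authorized_keys/alice

Match Group sftponly
    # Only the in-process sftp server runs; shell and exec requests are
    # refused. -u sets the umask for new files, as rssh.conf did.
    ForceCommand internal-sftp -u 0027
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
    # No ChrootDirectory: the goal here is only to deny shell access.

# Per-key alternative: one line in an authorized_keys file
# (the key material is a placeholder):
#   command="internal-sftp",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER alice@example
#
# Check syntax before reloading the daemon: sshd -t
```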
