Re: allow SFTP FTP but not SSH. Can ??

From: Aaron M. Hirsch (aaronh_at_uptime.net)
Date: 05/02/05

    Date: Mon, 02 May 2005 07:39:05 -0500
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    > Hi. I just created a Linux account, e.g. account1. After creating this
    > account, people can ftp, ssh and sftp in to the server using this
    > account. But is there a way to restrict people from SSH using this
    > account but still allow ftp and sftp (without doing anything
    > on the firewall)?

    It would be a lot easier if you forced the users off of ftp and provided
    them sftp only access. To allow them sftp only access you simply need
    to replace their shell in /etc/passwd with the path to the sftp daemon.

    i.e. testuser:x:1000:99::/home/testuser:/bin/bash would be replaced
    with testuser:x:1000:99::/home/testuser:/usr/libexec/openssh/sftp-server

    If you had to allow both ftp and sftp access you could write a custom
    shell that indicated that only a shell like /bin/ftponly or the
    /usr/libexec/openssh/sftp-server were allowed for the accounts in
    question.

    --
    Aaron M. Hirsch
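
The custom shell suggested in the message above, sketched as an added example (not part of the original post and not OpenSSH code). The script name `sftponly` is hypothetical, and it assumes `Subsystem sftp` in sshd_config points at the sftp-server path quoted in the message.

```shell
#!/bin/sh
# sftponly: hypothetical restricted login shell (added example).
# sshd starts a user's login shell in one of two ways:
#   interactive login : <shell>                 (no arguments)
#   command/subsystem : <shell> -c "<command>"
# Only the second form, with exactly the sftp-server path, is allowed.

# Path taken from the message above. Hard-coded on purpose so the
# client cannot influence which binary is executed.
SFTP_SERVER=/usr/libexec/openssh/sftp-server

# is_allowed ARGS...
# Succeeds only for exactly: -c /usr/libexec/openssh/sftp-server
# Extra arguments or a longer command string ("...; /bin/sh") fail.
is_allowed() {
    [ "$#" -eq 2 ] && [ "$1" = "-c" ] && [ "$2" = "$SFTP_SERVER" ]
}

main() {
    if is_allowed "$@"; then
        # exec the fixed path directly; the client-supplied string is
        # never handed to a shell for interpretation.
        exec "$SFTP_SERVER"
    fi
    # Record the refused request (interactive login, scp, remote command).
    logger -p auth.notice -t sftponly "denied for ${USER:-unknown}: $*" 2>/dev/null || :
    echo "This account is restricted to file transfer (SFTP/FTP)." >&2
    exit 1
}

# Run only when installed under the name "sftponly", so the file can
# also be sourced to exercise is_allowed on its own.
case "${0##*/}" in
    sftponly) main "$@" ;;
esac
```

FTP servers that validate the login shell generally expect it to be listed in /etc/shells, so the script's installed path would need an entry there for FTP logins to keep working.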
