Be careful. OpenSSH has some features that could compromise your security. It lets the user set environment variables when the user connects. A user could upload a library and override C library functions with LD_PRELOAD to execute whatever they want.

There are a couple sftp-only shells that were designed to handle being used in the manner you want, but they caution you to disable the rc features in sshd_config or take other security precautions:

http://www.pizzashack.org/rssh/security.shtml

On Sat, Feb 08, 2003 at 03:51:38AM -0500, Brian K. White wrote:
brian> I have sort-of got this by setting the shell to sftp-server.
brian> bizarre, I know, but it works, and a copy of /bin/true does not.
brian>
brian> in both the real and chroot'ed /etc/passwd's I set the shell to the full
brian> path to sftp-server, and sftp works, ssh does not.
brian>
brian> ssh actually connects and will sit there until you type something, but
brian> as soon as you type anything sftp-server says "what is this rubbish?"
brian> and promptly hangs up on you.
brian>
brian> I don't have any real shell, or any other binary besides sftp-server in
brian> my chroot tree, and even though users can upload their own, they cannot
brian> execute it because their shell is only sftp-server, which is not a shell
brian> and cannot execute anything. I hope it doesn't have any cases where it
brian> could execute any external program like ls (I know it doesn't need ls
brian> specifically, just as an example the way ftpd often uses a ls binary in
brian> the chroot path). otherwise a person might be able to upload a shell
brian> named <whatever sftp-server might exec>
brian>
brian> this is OpenSSH 3.5p1 with chroot patch, on SCO Open Server 5.0.6

-- 
Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/
PGP Key ID: 49BB5886
Fingerprint: EBA3 A106 7C93 FA07 8E15  3AC2 C367 A0F9 49BB 5886
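Added example, not part of the original message or of OpenSSH: a small audit of the global section of an sshd_config for the two settings this reply is concerned with, user-supplied environment variables and the per-user rc file. The function names and the sample config are constructed for illustration, and PermitUserRC is assumed to be available (it comes from later OpenSSH releases than the 3.5p1 discussed in the thread).

```python
import re

# Constructed sample config for illustration (not taken from the thread).
SAMPLE_CONFIG = """\
# sftp-only host
Subsystem sftp /usr/libexec/sftp-server
PermitUserEnvironment yes
# The next line is ignored: sshd uses the first value it obtains.
permituserenvironment no
Match User upload
    PermitUserRC no
"""

def global_settings(text):
    """Return {keyword_lower: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Keywords are case-insensitive; whitespace or '=' separates the value.
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks are out of scope for this check
        settings.setdefault(key, value)  # first obtained value wins
    return settings

def audit(text):
    """List global settings that let a transfer-only user influence execution."""
    s = global_settings(text)
    findings = []
    # Default is "no"; any other value lets ~/.ssh/environment and
    # environment= key options set variables such as LD_PRELOAD.
    if s.get("permituserenvironment", "no").lower() != "no":
        findings.append("PermitUserEnvironment is enabled")
    # Default is "yes": ~/.ssh/rc is processed at login unless turned off.
    if s.get("permituserrc", "yes").lower() != "no":
        findings.append("PermitUserRC is not disabled globally")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("WARN:", finding)
```

A setting that appears only inside a Match block does not count as a global default here, which is why the sample config is still flagged for the rc file.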