I'm setting up a test environment using OpenSSH built in sFTP server. What I want to-do is build a chroot environment where people can connect to the machine via sFTP but not via SSH. I know with the commercial version of SSH they have ssh-dummy-shell which when you try to connect via SSH just bails on you, but lets sFTP work properly. I've done some digging on the web and I haven't found anything that'll replace this functionality on the OpenSSH side of things. Anybody got any ideas/links of an open source version of ssh-dummy-shell. Thanks, Tim.
does the ssh-dummy-shell have to actually do anything for sFTP to work, or does it just have to be in /etc/shells? If it just has to be in /etc/shells, /bin/false works. Been using that for years for (non-s)FTP-only accounts. Scott On Wed, 30 Jan 2002, Keller, Tim wrote:
I'm setting up a test environment using OpenSSH built in sFTP server. What I want to-do is build a chroot environment where people can connect to the machine via sFTP but not via SSH.
I know with the commercial version of SSH they have ssh-dummy-shell which when you try to connect via SSH just bails on you, but lets sFTP work properly.
I've done some digging on the web and I haven't found anything that'll replace this functionality on the OpenSSH side of things.
Anybody got any ideas/links of an open source version of ssh-dummy-shell.
Thanks, Tim. _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
Keller, Tim wrote:
I'm setting up a test environment using OpenSSH built in sFTP server. What I want to-do is build a chroot environment where people can connect to the machine via sFTP but not via SSH.
I know with the commercial version of SSH they have ssh-dummy-shell which when you try to connect via SSH just bails on you, but lets sFTP work properly.
I've done some digging on the web and I haven't found anything that'll replace this functionality on the OpenSSH side of things.
Anybody got any ideas/links of an open source version of ssh-dummy-shell.
Thanks, Tim. _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
I haven't tried this, but couldn't you just set the user's shells to /dev/null? So there's no shell access, but sftp should still work; kinda like the same way you create a dummy shell for e-mail only accounts sometimes? I don't know, just a thought. Wes
participants (3)
-
Keller, Tim -
Scott Venier -
Wesley Allen