Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com To: cygwin AT cygwin DOT com X-Injected-Via-Gmane: http://gmane.org/ Path: not-for-mail From: Andrew Markebo Subject: Re: OpenSSH and cygwin: let a user only connect via sftp. Date: Thu, 05 Dec 2002 16:08:41 +0100 Lines: 22 Message-ID: References: <006e01c29c52$595e0360$78d96f83 AT pomello> NNTP-Posting-Host: h146n2fls23o900.telia.com Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: main.gmane.org 1039100920 6759 213.66.142.146 (5 Dec 2002 15:08:40 GMT) X-Complaints-To: usenet AT main DOT gmane DOT org NNTP-Posting-Date: Thu, 5 Dec 2002 15:08:40 +0000 (UTC) X-message-flag: Infected by Norwegian Cheese User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/20.7 (i386-redhat-linux-gnu) Cancel-Lock: sha1:bdxQcITbdLdcioJe4Fc7ELdYJwA= / "Max Bowsher" wrote: | Schonder, Matthias wrote: > >> How do I have to set passwd (if it is done there) that he only can >> connect to the server via sftp and not via ssh. >> What do I have to do? > | Setting a user's shell to /bin/false might (and I repeat, *might* - this is | speculation) work. Nope not for sftp, the problem is that sftp uses the users shell to navigate and fetch files. (it logs in using ssh) So what you have to do is to give the user a shell that has enough rights to do what scp needs, check files, read them and so on, but not allowed to fire up applications and so on. Think I have seen it mentioned, maybe in the neighbourhood of sftp development.. /Andy -- The eye of the beholder rests on the beauty! -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/