[Gllug] Non-interactive sftp

Mon Oct 10 15:12:49 UTC 2005

On 10/10/05, Bruce Richardson <itsbruce at uklinux.net> wrote:
> You can't do this the way you're trying to do it.  SFTP does require the
> user to have a shell that can pass commands to the sftp-server binary.

Yeah - I see this now.

> What you need is a special shell that can spot when it is being used for
> sftp and pass on the commands but exit with an error in any other
> context.  rssh is one such.

Yeah - I'm also looking at http://www.sublimation.org/scponly/.

> The canonicalise error, however, may also indicate that you have
> permissions problems somewhere.

Yes that's what google turned up, but I can't see where.

> What happens if the user has a standard
> shell?

The debug output originally posted was with a standard shell.  I don't
get the canonicalise error otherwise - just a connection closed, which
makes sense, now.

Permissions on all dirs are currently:

drwxr-xr-x  18 root     other        512 Oct  9 14:08 local
drwxr-xr-x  18 root     other        512 Oct  4 16:23 home
drwx--x--x   8 root     other        512 Oct  9 15:33 ftp
drwx--x--x   5 tester other        512 Oct 10 12:41 tester
drwxr-xr-x   2 tester other        512 Oct  7 16:30 in

I've also trued with perms on tester and in both set to 700 and 755

What should perms be?  Everything I read suggested it was a missing execute bit.

> Bruce

S.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug