[Gllug] Non-interactive sftp

Nix nix at esperi.org.uk
Mon Oct 10 15:31:11 UTC 2005


On Mon, 10 Oct 2005, Steve Nelson gibbered uncontrollably:
> Hi Chums,
> 
> I'm trying to allow sftp using key-based authentication so that some
> critical files can be transferred securely via cron.  I don't want to
> allow the ftp user an interactive shell.
> 
> I've set up key-based authentication, and verified this works with
> ssh/scp and an interactive shell.  I then set the ftp user's
> login shell to /bin/true.

This is not supported. sshd uses the shell in /etc/shells to run the
subsystem driver (e.g. /usr/libexec/sftp-server), so your user
needs a valid shell.

You can restrict the commands executable via that key, to reduce
exposure (perhaps reduce it to /bin/true ;) )

-- 
`Next: FEMA neglects to take into account the possibility of
fire in Old Balsawood Town (currently in its fifth year of drought
and home of the General Grant Home for Compulsive Arsonists).'
            --- James Nicoll
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
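
The reply above suggests restricting what the key can execute. As an added example (not part of the original message), this audits OpenSSH authorized_keys entries for a `command=` forced command and the options that close the other channels. The function names are hypothetical, the sample entries are constructed, and the key material is a placeholder.

```python
import re

QUOTED = r'"(?:\\.|[^"\\])*"'                         # double-quoted value, \" allowed
OPTIONS_FIELD = re.compile(rf'(?:[^\s"]|{QUOTED})+')  # up to the first unquoted space
OPTION = re.compile(rf'(?:[^,"]|{QUOTED})+')          # up to the next unquoted comma
# Common key-type tokens; a line that starts with one has no options field.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# Each of these closes one channel a transfer-only key does not need.
WANTED = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")

def audit(line):
    """Return findings for one authorized_keys entry; [] means nothing to report."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return ["no options: key gets whatever the login shell allows"]
    field = OPTIONS_FIELD.match(line)
    if not field:
        return ["unparseable options field"]
    opts = {}
    for item in OPTION.findall(field.group(0)):
        name, _, value = item.partition("=")
        opts[name.lower()] = value.strip('"')   # option names are case-insensitive
    findings = [] if "command" in opts else ["no command= forced command"]
    if "restrict" not in opts:   # restrict (OpenSSH 7.2+) switches all of these off at once
        findings += [f"missing {w}" for w in WANTED if w not in opts]
    return findings

def audit_text(text):
    """Map line number -> findings, skipping blank lines and comments."""
    return {n: audit(l.strip()) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")}

# Constructed sample; AAAAPLACEHOLDER stands in for real key material.
SAMPLE = """\
ssh-rsa AAAAPLACEHOLDER steve@workstation
command="/usr/libexec/sftp-server",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAPLACEHOLDER cron-transfer
command="/bin/true",no-pty ssh-rsa AAAAPLACEHOLDER probe
"""

if __name__ == "__main__":
    for lineno, findings in audit_text(SAMPLE).items():
        print(lineno, findings or "ok")
```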



