I would like to give users access to ftp, sftp and scp without access to the shell. It looks like rssh will only support OpenSSH (sftp, scp) but not ftp. I see a few references on Google to rksh which sounds promising but I cannot find source for it anywhere. There is scponly but it has the same problems as rssh. Does anyone know of a solution that will support ssh as well as ftp (vsftpd)?
Thanks,
JJ
Today Jaigh Jaddo did spake thusly:
> I would like to give users access to ftp, sftp and scp without access to the shell. It looks like rssh will only support OpenSSH (sftp, scp) but not ftp. I see a few references on Google to rksh which sounds promising but I cannot find source for it anywhere. There is scponly but it has the same problems as rssh. Does anyone know of a solution that will support ssh as well as ftp (vsftpd)?
pure-ftpd runs in a chroot with its own user/password list and I think can be made to talk scp/sftp as well...
-----Original Message-----
From: fedora-list-bounces@redhat.com on behalf of Jaigh Jaddo
Sent: Wed 11/29/2006 02:12 PM
To: For users of Fedora
Cc:
Subject: Restricted Shell
I would like to give users access to ftp, sftp and scp without access to the shell.
----------------------------
What about replacing their shell with "/bin/false"? You may also need to edit the /etc/shells file and add "/bin/false" so that FTP recognizes it as a valid shell.
"Miner, Jonathan W (CSC) (US SSA)" jonathan.w.miner@baesystems.com writes:
> What about replacing their shell with "/bin/false"? You may also need to edit the /etc/shells file and add "/bin/false" so that FTP recognizes it as a valid shell.
There is already a shell for this purpose, it's called /sbin/nologin.
Regards Ingemar
Jaigh Jaddo wrote:
> I would like to give users access to ftp, sftp and scp without access to the shell.
OK, first of all you're dealing with 2 different things here:
- stuff done over ssh (sftp, scp)
- ftp
You seem a bit confused because for the latter of those (ftp), shell access is rarely an issue: most (all?) FTP servers don't give someone shell access. So that's fine and you can just go right ahead and pick an FTP server (I recommend vsftpd, which comes with Fedora - it's small, simple and lets you do chroot with no hassle).
So, the main problem is scp and sftp which, being subsystems of OpenSSH, often imply shell access. For these, rssh will help you.
I don't think you're going to find something which is all of an FTP server plus shell protection for OpenSSH, because that would be just weird, architecturally, since FTP and SSH are completely unconnected.
So in summary, you just need an FTP server, plus rssh behind OpenSSH.
Tim
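
The following script is an added example, not something posted by anyone in the thread: it classifies accounts by what their login shell permits, assuming sshd starts scp and sftp through that shell and the FTP server refuses users whose shell is missing from /etc/shells. The function names, the UID cutoff of 500 and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: sshd starts scp/sftp through the login shell,
# and the FTP server refuses users whose shell is not in the shells file.

# classify_account "USER:SHELL" SHELLS_FILE
# Prints "<user> ssh=<interactive|transfer-only|none> ftp=<allowed|denied>"
classify_account() {
    user=${1%%:*}
    shell=${1##*:}
    [ -n "$shell" ] || shell=/bin/sh          # empty passwd field means /bin/sh

    case $shell in
        */rssh|*/scponly)  ssh=transfer-only ;;  # scp/sftp only, no prompt
        */nologin|*/false) ssh=none ;;           # scp/sftp are refused too
        *)                 ssh=interactive ;;
    esac

    # -x whole-line match, -F fixed string: the shell must be listed exactly
    if grep -qxF -- "$shell" "$2"; then ftp=allowed; else ftp=denied; fi
    printf '%s ssh=%s ftp=%s\n' "$user" "$ssh" "$ftp"
}

# audit PASSWD_FILE SHELLS_FILE [MIN_UID]: classify every regular account.
# The default cutoff of 500 is an assumption; set it to your UID_MIN.
audit() {
    min=${3:-500}
    while IFS=: read -r name pw uid gid gecos home sh; do
        [ "$uid" -ge "$min" ] 2>/dev/null || continue   # skip system users
        classify_account "$name:$sh" "$2"
    done < "$1"
}

# Constructed sample data, not taken from the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' /bin/bash /sbin/nologin /usr/bin/rssh > "$tmp/shells"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:500:500::/home/alice:/bin/bash' \
        'bob:x:501:501::/home/bob:/sbin/nologin' \
        'carol:x:502:502::/home/carol:/usr/bin/rssh' \
        'dave:x:503:503::/home/dave:/bin/false' > "$tmp/passwd"
    audit "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

demo
```

On a real host, run `audit /etc/passwd /etc/shells`; the sample account dave shows the case where /bin/false has not been added to the shells file.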