allow SFTP FTP but not SSH. Can ??

[Aaron M. Hirsch]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hi.. I just create a linux account e.g account1 After creating this
> account, people can ftp , ssh and sftp in to the server using this
> account. But is there a way to restrict people from SSH using this
> account but still allowing ftp and sftp?? (without doing anything
> on the firewall?

It would alot easier if you forced the users off of ftp and provided
them sftp only access.  To allow them sftp only access you simply need
to replace their shell in /etc/passwd with the path to the sftp daemon.

i.e.  testuser:x:1000:99::/home/testuser:/bin/bash would be replaced
with testuser:x:1000:99::/home/testuser:/usr/libexec/openssh/sftp-server

If you had to allow both ftp and sftp access you could write a custom
shell that indicated that only a shell like /bin/ftponly or the
/usr/libexec/openssh/sftp-server were allowed for the accounts in
question.

- --
Aaron M. Hirsch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFCdh9pc70alSUhiSIRAtXmAKCOL2Q7tWksamTdOoIvoHJnk+alRACgqb9E
jXb2j2FJTE7n4fPm0ub9dak=
=QxMm
-----END PGP SIGNATURE-----


_______________________________________________________________________

This e-mail message is intended only for the named recipient(s) above.It may contain confidential information.  If you are not the intendedrecipient you are hereby notified that any dissemination, distributionor copying of this e-mail and any attachment(s) is strictly prohibited.If you have received this e-mail in error, please immediately notifythe sender by replying to this e-mail and delete the message and anyattachment(s) from your system.