Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com To: cygwin@cygwin.com X-Injected-Via-Gmane: http://gmane.org/ Path: not-for-mail From: Andrew Markebo Subject: Re: OpenSSH and cygwin: let a user only connect via sftp. Date: Thu, 05 Dec 2002 16:08:41 +0100 Lines: 22 Message-ID: References: <006e01c29c52$595e0360$78d96f83@pomello> NNTP-Posting-Host: h146n2fls23o900.telia.com Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: main.gmane.org 1039100920 6759 213.66.142.146 (5 Dec 2002 15:08:40 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Thu, 5 Dec 2002 15:08:40 +0000 (UTC) X-message-flag: Infected by Norwegian Cheese User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/20.7 (i386-redhat-linux-gnu) Cancel-Lock: sha1:bdxQcITbdLdcioJe4Fc7ELdYJwA= / "Max Bowsher" wrote: | Schonder, Matthias wrote: > >> How do I have to set passwd (if it is done there) that he only can >> connect to the server via sftp and not via ssh. >> What do I have to do? > | Setting a user's shell to /bin/false might (and I repeat, *might* - this is | speculation) work. Nope not for sftp, the problem is that sftp uses the users shell to navigate and fetch files. (it logs in using ssh) So what you have to do is to give the user a shell that has enough rights to do what scp needs, check files, read them and so on, but not allowed to fire up applications and so on. Think I have seen it mentioned, maybe in the neighbourhood of sftp development.. /Andy -- The eye of the beholder rests on the beauty! -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/