sftp without ssh shell access?
-
Is it possible to set up openssh so that some users would only be able to connect with a sftp client but wont have regular ssh shell access?
-
-
Yes, it's actually the standard for SFTP servers.
-
Thanks guys.
To summarize the link above, it's these lines in
sshd_configthat does the magic.Match User sftpuser ForceCommand internal-sftp <snip>The first line will tell sshd what user(s) the rest of the settings apply to.
The second line tells it to go straight into sftp mode. So this will only apply to the users that match the rule above. -
@Pete-S said in sftp without ssh shell access?:
Thanks guys.
To summarize the link above, it's these lines in
sshd_configthat does the magic.Match User sftpuser ForceCommand internal-sftp <snip>The first line will tell sshd what user(s) the rest of the settings apply to.
The second line tells it to go straight into sftp mode. So this will only apply to the users that match the rule above.If possible, I would use
Match Groupinstead. -
@Pete-S said in sftp without ssh shell access?:
Thanks guys.
To summarize the link above, it's these lines in
sshd_configthat does the magic.Match User sftpuser ForceCommand internal-sftp <snip>The first line will tell sshd what user(s) the rest of the settings apply to.
The second line tells it to go straight into sftp mode. So this will only apply to the users that match the rule above.Just make sure to test SSH after you do the changes ok a new session otherwise you might just have broken SSH access.
