[ale] Best way to disable command-line access?
Jerry Yu
jjj863 at gmail.com
Thu Oct 5 16:12:08 EDT 2006
on top of the authorized_keys set-up, of course, one needs to make sure
Public Key is the only auth possible for this account.
if sftp-only is acceptable, "usermod -s /usr/libexec/openssh/sftp-server
singledOutUser"
On 10/5/06, Jim Popovitch < jimpop at yahoo.com> wrote:
>
> On Thu, 2006-10-05 at 13:42 -0400, Allan Metts wrote:
> > Hi everyone,
> >
> > What's the best way to preserve the ability to transfer files with scp,
> but PREVENT someone from using those same ssh credentials to get to a
> command line? This is for a single user only -- other users of the same
> server should be able to log in as usual.
> >
> > I tried usermod -s <a_script_that_does_nothing> <user>, but this seems
> to prevent scp file transfers as well.
> >
> > Is there a user-specific ssh config setting that does this? Any other
> ideas?
> >
>
> Setup their authorized key in ~/.ssh/authorized_keys as follows: (all on
> one big long line)
>
> no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,
> command="/usr/lib/sftp-server" ssh-dss AAAAB3N.......
>
> hth,
>
> -Jim P.
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ale
mailing list