Secure filetransfer (ssh) without interactive shell?

Hi,

I want to set up a secure filetransfer (ssh/sftp) that allows transfers
only from certain hosts and certain users. This can be done via the
"sshd"-config file afaik.

In addition, I don't want the respective users to be capable of anything
but scp - so the respective user(s) should *not* have an interactive
shell - they should only be capable of doing scp, but no interactive ssh.

Put in another way what I want is this: Secure filetransfer plus keeping
the respective users in a "closed environment" (like the chrooted-env
you've got using normal ftp) without giving them normal shell access.

TIA for your help,
-ewald

Ewald Jenisch wrote:
> Hi,
>
> I want to set up a secure filetransfer (ssh/sftp) that allows transfers
> only from certain hosts and certain users. This can be done via the
> "sshd"-config file afaik.
>
> In addition, I don't want the respective users to be capable of anything
> but scp - so the respective user(s) should *not* have an interactive
> shell - they should only be capable of doing scp, but no interactive ssh.
>
> Put in another way what I want is this: Secure filetransfer plus keeping
> the respective users in a "closed environment" (like the chrooted-env
> you've got using normal ftp) without giving them normal shell access.
>
> TIA for your help,
> -ewald
>

Modify /etc/shells
add
/bin/true

Change the login shell of those users to /bin/true



--
My projects:
http://fftv.sourceforge.net
http://tcron.sourceforge.net
http://www.csie.nctu.edu.tw/~cp76/gcb