[ale] Best way to disable command-line access?
Jim Popovitch
jimpop at yahoo.com
Thu Oct 5 14:49:55 EDT 2006
On Thu, 2006-10-05 at 13:42 -0400, Allan Metts wrote:
> Hi everyone,
>
> What's the best way to preserve the ability to transfer files with scp, but PREVENT someone from using those same ssh credentials to get to a command line? This is for a single user only -- other users of the same server should be able to log in as usual.
>
> I tried usermod -s <a_script_that_does_nothing> <user>, but this seems to prevent scp file transfers as well.
>
> Is there a user-specific ssh config setting that does this? Any other ideas?
>
Setup their authorized key in ~/.ssh/authorized_keys as follows: (all on
one big long line)
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,
command="/usr/lib/sftp-server" ssh-dss AAAAB3N.......
hth,
-Jim P.
More information about the Ale
mailing list