[ale] Restricting users to sftp

Lightner, Jeff JLightner at dsservices.com
Thu May 28 10:42:23 EDT 2015 

We pretty much use sftp-only and are happy with it.   As suggested it isn't a quick setup but once you've done it and have notes doing it for additional accounts later isn't that horrible.

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Beddingfield, Allen
Sent: Thursday, May 28, 2015 10:31 AM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Restricting users to sftp

Yeah, we’ve been playing with trying to get it working on SLES 12 here...
--
Allen Beddingfield
Systems Engineer
The University of Alabama









On 5/28/15, 9:29 AM, "ale-bounces at ale.org on behalf of Jim Kinney" <ale-bounces at ale.org on behalf of jim.kinney at gmail.com> wrote:

>Ah. Read the mailing list threads. Not quite abandoned but pretty much 
>so.
>
>Maybe a RedHat or SuSe team can pick it up as their commercial stuff 
>benefits from the security aspects of rssh.
>
>On Thu, 2015-05-28 at 14:09 +0000, Beddingfield, Allen wrote:
>> For years now, we have been using RSSH to restrict users to sftp-only 
>> on our web servers.
>> http://www.pizzashack.org/rssh/
>> Unfortunately, this is pretty much an abandoned project, now.  
>> The way it works is that you just change the user’s shell to rssh, 
>> and sftp/scp is the only thing allowed. You can also set a umask in 
>> the rssh.conf file  in /etc I’m looking for a way to do this without 
>> using RSSH. I see instructions for sftp-only/chroot for OpenSSH,but 
>> that seems a little much for what we are wanting to accomplish.  My 
>> only goal is the prevent shell access – I don’t need the chroot 
>> setup.
>> Any clever ideas?
>> Thanks.
>> Allen B.
>> --
>> Allen Beddingfield
>> Systems Engineer
>> The University of Alabama
>> 
>> 
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at 
>> http://mail.ale.org/mailman/listinfo
>
>--
>James P. Kinney III
>
>Every time you stop a school, you will have to build a jail. What you 
>gain at one end you lose at the other. It's like feeding a dog on his 
>own tail. It won't fatten the dog.
>- Speech 11/23/1900 Mark Twain
>
>http://heretothereideas.blogspot.com/
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://mail.ale.org/mailman/listinfo/ale
>See JOBS, ANNOUNCE and SCHOOLS lists at 
>http://mail.ale.org/mailman/listinfo

_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

More information about the Ale mailing list