Allow SFTP but disallow SSH?

Solution 1:

Starting with version 4.9, OpenSSH (not available in CentOS 5.x, but the ChrootDirectory feature was backported) has an internal-sftp subsystem:

Subsystem sftp internal-sftp

And then block other uses:

Match group sftponly
     ChrootDirectory /home/%u
     X11Forwarding no
     AllowTcpForwarding no
     ForceCommand internal-sftp

Add your users to the sftponly group. You have to change the user's home directory to / because of the chroot, and /home/user should be owned by root. I'd also set /bin/false as the user's shell.
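
An added example, not part of the answer above or of OpenSSH: a small Python check that reads sshd_config text and reports which of the four directives from Solution 1's Match block are missing or set differently. The helper names (match_block, audit) and the WEAK sample are constructed for illustration, and the check assumes the block is introduced by a single "Match group <name>" criterion.

```python
# Added example: audit sshd_config text for the SFTP-only Match block above.
# Expected first token per directive; None means any path except "none".
REQUIRED = {"chrootdirectory": None, "x11forwarding": "no",
            "allowtcpforwarding": "no", "forcecommand": "internal-sftp"}

def match_block(text, group):
    """Return settings inside 'Match group <group>', keywords lowercased."""
    settings, inside = {}, False
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            # A Match block runs until the next Match line or end of file.
            crit = value.split()
            inside = len(crit) == 2 and crit[0].lower() == "group" and crit[1] == group
        elif inside:
            settings.setdefault(key, value)  # sshd keeps the first value seen
    return settings

def audit(text, group="sftponly"):
    """Return {directive: value found} for each missing or wrong directive."""
    settings, bad = match_block(text, group), {}
    for key, want in REQUIRED.items():
        got = settings.get(key)
        first = got.split()[0] if got else None
        if want is None:
            ok = first is not None and first.lower() != "none"
        else:
            ok = first == want
        if not ok:
            bad[key] = got
    return bad

# GOOD is the configuration from the answer; WEAK is a constructed variant.
GOOD = """Subsystem sftp internal-sftp
Match group sftponly
     ChrootDirectory /home/%u
     X11Forwarding no
     AllowTcpForwarding no
     ForceCommand internal-sftp
"""
WEAK = (GOOD.replace("AllowTcpForwarding no", "AllowTcpForwarding yes")
            .replace("     ForceCommand internal-sftp\n", ""))

if __name__ == "__main__":
    print("GOOD:", audit(GOOD) or "ok", "| WEAK:", audit(WEAK))
```

An empty result means the block matches Solution 1; a directive set only in a different Match block is reported as missing for this group.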

Solution 2:

There is a shell, scponly, that does this. It can chroot too.


Solution 3:

Check out rssh, which is a fake shell that allows sftp but denies ssh.

More about RSSH

http://www.pizzashack.org/rssh/

RPMs

http://pkgs.repoforge.org/rssh/

You can configure rssh to allow / deny different behaviours like sftp, scp, etc.


Solution 4:

You can modify /etc/passwd and give that user a fake shell so that he cannot use ssh.