From owner-freebsd-questions@FreeBSD.ORG  Fri Apr 25 19:50:49 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1A3E7106564A
	for <freebsd-questions@freebsd.org>;
	Fri, 25 Apr 2008 19:50:49 +0000 (UTC)
	(envelope-from d.hill@yournetplus.com)
Received: from duane.dbq.yournetplus.com (duane.dbq.yournetplus.com
	[65.124.230.214])
	by mx1.freebsd.org (Postfix) with ESMTP id D957C8FC1E
	for <freebsd-questions@freebsd.org>;
	Fri, 25 Apr 2008 19:50:48 +0000 (UTC)
	(envelope-from d.hill@yournetplus.com)
Received: by duane.dbq.yournetplus.com (Postfix, from userid 1001)
	id B49F227E453; Fri, 25 Apr 2008 19:50:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by duane.dbq.yournetplus.com (Postfix) with ESMTP id B249E27E443
	for <freebsd-questions@freebsd.org>;
	Fri, 25 Apr 2008 19:50:47 +0000 (UTC)
Date: Fri, 25 Apr 2008 19:50:47 +0000 (UTC)
From: D Hill <d.hill@yournetplus.com>
X-X-Sender: d.hill@duane.dbq.yournetplus.com
To: freebsd-questions@freebsd.org
In-Reply-To: <472410BF12BC19695178209A@utd65257.utdallas.edu>
Message-ID: <alpine.BSF.1.10.0804251943250.62384@duane.dbq.yournetplus.com>
References: <1209131161.14700.4.camel@puk>
	<BCBF8C55-3A54-4DA7-AC76-32A217EFB4FB@mac.com>
	<alpine.BSF.1.10.0804251635570.60886@duane.dbq.yournetplus.com>
	<472410BF12BC19695178209A@utd65257.utdallas.edu>
User-Agent: Alpine 1.10 (BSF 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Subject: Re: restrict ssh access
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Apr 2008 19:50:49 -0000

On Fri, 25 Apr 2008 at 14:30 -0500, pauls@utdallas.edu confabulated:

> --On Friday, April 25, 2008 16:41:07 +0000 D Hill <d.hill@yournetplus.com> 
> wrote:
>
>> On Fri, 25 Apr 2008 at 09:30 -0700, cswiger@mac.com confabulated:
>> 
>>> On Apr 25, 2008, at 6:46 AM, Geert Geurts wrote:
>>>> I've got a server running a ssh server, I want to enable ssh for the use
>>>> of sftp by a group of users, and limit their ssh access to just allow
>>>> running passwd so they can change their default password. What whould be
>>>> the best/easiest way to acomplish this, or something similiar?
>>> 
>>> I wonder what would happen if you gave them a shell of 
>>> "/usr/bin/passwd"...?
>>> :-)
>> 
>> That should work. I just tested. When an ssh connection is made, it 
>> executes
>> passwd. As soon as the password is changed, the ssh connection was closed:
>>
>>    %ssh -l asdf 192.168.1.50
>>    Password:
>>    ...
>>    Changing local password for asdf
>>    Old Password:
>>    New Password:
>>    Retype New Password:
>>    Connection to 192.168.1.50 closed.
>
> Should make for some fascinating experiences with sftp.  :-)

I believe the connecton would just close. Somehow I missed that sftp part :-(