From owner-freebsd-questions@FreeBSD.ORG Thu May 3 15:02:17 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 524D616A401 for ; Thu, 3 May 2007 15:02:17 +0000 (UTC) (envelope-from ghirai@ghirai.com) Received: from p28.ich-19.com (fa.ea.5646.static.theplanet.com [70.86.234.250]) by mx1.freebsd.org (Postfix) with ESMTP id 336EE13C458 for ; Thu, 3 May 2007 15:02:17 +0000 (UTC) (envelope-from ghirai@ghirai.com) Received: from [89.122.145.219] (helo=Unknown-00-16-36-ae-62-05.lan) by p28.ich-19.com with esmtpa (Exim 4.63) (envelope-from ) id 1Hjcow-0008Pt-H7; Thu, 03 May 2007 10:02:14 -0500 Date: Thu, 3 May 2007 18:02:19 +0300 From: Ghirai X-Mailer: The Bat! (v3.99.3) Professional X-Priority: 3 (Normal) Message-ID: <238128338.20070503180219@ghirai.com> To: Ewald Jenisch , freebsd-questions@freebsd.org In-Reply-To: <20070503140733.GA3332@aurora.oekb.co.at> References: <20070503140733.GA3332@aurora.oekb.co.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - p28.ich-19.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - ghirai.com X-Source: X-Source-Args: X-Source-Dir: Cc: Subject: Re: scp/sftp without interactive shell? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Ghirai List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 May 2007 15:02:17 -0000 Hello Ewald, Thursday, May 3, 2007, 5:07:33 PM, you wrote: > Hi, > I'm looking for a way to securely transfer files between machines > using either scp or sftp without giving the user a login shell on the > target machine. Put in another way: The user should be able to > transfer files but must not have an interactive login shell on the > target box. > Giving the user a shell of "/bin/true" or something similar on the > target machine is not an option since scp doesn't seem to work in this > case. > Any ideas how this could be accomplished? > Thanks in advance for your help, > -ewald Given your requirement, i would suggest installing pure-ftpd and puredb (from ports). With that you can create as many virtual users as you like, and restrict access/speed/etc to fit your needs. Your clients will connect over SSL FTP, which i assume is acceptable. A detailed guide is here: http://www.bsdguides.org/guides/freebsd/networking/pure-ftpd_virtual_users.php Hope this helps. -- Best regards, Ghirai.