Date: Tue, 29 Mar 2005 14:48:14 +0200 (CEST)
From: Svein Halvor Halvorsen
To: Grant Peel
cc: freebsd-questions@freebsd.org
Subject: Re: sFTP nologin
Message-ID: <20050329144605.N85495@maren.thelosingend.net>
In-Reply-To: <002c01c53145$b9c64390$6401a8c0@GRANT>

* Grant Peel [2005-03-25 09:19 -0500]
> Is there a quick - secure way to allow the sshd sFTP subsystem to allow sftp
> connections without allowing shell accounts?

I'm using this shell-script as a "nologin"-shell:

-------------
#!/bin/sh
# sshd starts the login shell as: <shell> -c <command>.
# Allow only the sftp subsystem command; refuse everything else.
if [ "$1" = "-c" -a "$2" = "/usr/libexec/sftp-server" ]; then
    exec /bin/sh "$@"
else
    echo "You are not allowed to login"
    sleep 2
    exit 0
fi
-------------

This will allow sftp, but not shell login (or scp)
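
The check in the script above, run against the argument lists sshd hands to a login shell for each kind of session. This is an added example, not part of the original post: the function names and sample command strings are constructed here, and the check is slightly stricter than the posted one (it also requires exactly two arguments).

```shell
#!/bin/sh
# Added example: the decision made by an sftp-only login shell, written as a
# function so it can be exercised without sshd. sftp_gate and report are
# hypothetical names; SFTP_SERVER is the path used in the post.
SFTP_SERVER="/usr/libexec/sftp-server"

# sftp_gate ARGS...
# Prints "allow" or "deny" for the argv a login shell would receive.
# sshd passes the whole remote command as ONE string in $2, so the
# comparison is an exact string match against the Subsystem path.
sftp_gate() {
    if [ "$#" -eq 2 ] && [ "$1" = "-c" ] && [ "$2" = "$SFTP_SERVER" ]; then
        echo allow
    else
        echo deny
    fi
}

# Constructed argv shapes, one per session type.
report() {
    # Interactive login: the shell is started with no arguments.
    printf '%-34s %s\n' "interactive login" "$(sftp_gate)"
    # sftp subsystem: <shell> -c <Subsystem command from sshd_config>.
    printf '%-34s %s\n' "sftp subsystem" "$(sftp_gate -c "$SFTP_SERVER")"
    # scp: the client asks for a remote command such as "scp -t <dir>".
    printf '%-34s %s\n' "scp upload" "$(sftp_gate -c 'scp -t /tmp')"
    # Any other remote command (ssh host 'uname -a').
    printf '%-34s %s\n' "remote command" "$(sftp_gate -c 'uname -a')"
    # Caveat: if the Subsystem line in sshd_config carries flags, the
    # command string no longer matches and sftp itself is refused.
    printf '%-34s %s\n' "sftp subsystem with flags" \
        "$(sftp_gate -c "$SFTP_SERVER -l INFO")"
}

report
```

The last case is the one to check after editing sshd_config: the string compared in the wrapper has to stay identical to the Subsystem sftp command configured there.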