From owner-freebsd-questions@FreeBSD.ORG Thu Dec 16 21:43:38 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C20616A4CE for ; Thu, 16 Dec 2004 21:43:38 +0000 (GMT) Received: from mail.gmx.net (imap.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 1090B43D31 for ; Thu, 16 Dec 2004 21:43:37 +0000 (GMT) (envelope-from barner@gmx.de) Received: (qmail invoked by alias); 16 Dec 2004 21:43:35 -0000 Received: from unknown (EHLO zi025.glhnet.mhn.de) (129.187.19.157) by mail.gmx.net (mp012) with SMTP; 16 Dec 2004 22:43:35 +0100 X-Authenticated: #147403 Received: by zi025.glhnet.mhn.de (Postfix, from userid 1000) id 42A43C0ED; Thu, 16 Dec 2004 22:44:12 +0100 (CET) Date: Thu, 16 Dec 2004 22:44:11 +0100 From: Simon Barner To: Josh Paetzel Message-ID: <20041216214411.GK53897@zi025.glhnet.mhn.de> References: <200412141011.23225.josh@tcbug.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fz0LNKsoEivY4NpG" Content-Disposition: inline In-Reply-To: <200412141011.23225.josh@tcbug.org> User-Agent: Mutt/1.5.6i X-Y-GMX-Trusted: 0 cc: questions@freebsd.org Subject: Re: sftp and shell access X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2004 21:43:38 -0000 --fz0LNKsoEivY4NpG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Josh Paetzel wrote: > I am looking for a way to give a user an sftp account without giving=20 > them a shell. So far I've tried setting their shell=20 > to /sbin/nologin, but when they try to log in via sftp it gives them=20 > a "message to long" error. >=20 > Any pointers would be appreciated...I've tried the FAQ, handbook and=20 > google so far. Hi, I am using ports/shells/scponly for this purpose. It even comes with a neat little script 'setup_chroot.sh' which automagically sets up a chroot cage for your scp/sftp user (it will also create the user itself). Have a look at the beginning of the port's Makefile for a list of available options. The only thing I couldn't get to work (I was in a hurry then) was authentication with ssh-keys. If you get this one running, please be so kind and drop me a line. Simon --fz0LNKsoEivY4NpG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBwgGrCkn+/eutqCoRAnsKAKCe/zirkFudyY5uyNlWINGZRPQDuACfdK3+ LFMu7TYf/9mCmyIwbU8Ouhk= =v1vM -----END PGP SIGNATURE----- --fz0LNKsoEivY4NpG--