From: pete wright
To: Doug Hardie
cc: f-questions List
Date: Thu, 16 Dec 2004 15:19:31 -0800
Subject: Re: sftp and shell access

On Tue, 14 Dec 2004 10:45:58 -0800, Doug Hardie wrote:
>
> On Dec 14, 2004, at 02:11, Josh Paetzel wrote:
>
> > I am looking for a way to give a user an sftp account without giving
> > them a shell. So far I've tried setting their shell
> > to /sbin/nologin, but when they try to log in via sftp it gives them
> > a "message to long" error.
> >
> > Any pointers would be appreciated...I've tried the FAQ, handbook and
> > google so far.
>
> sftp uses a ssh connection to tunnel to ftp. The connection is
> actually made to your ssh port. There is also ftps which is ftp with
> ssh imbedded in it (like https). With that the connection is actually
> made to the ftp server port. ftps is available in the ports
> (BSDftpd-ssl). Since it doesn't use ssh you can set the user to not
> have login capability.

Not to nitpick, but don't https and ftps encrypt data via SSL, not ssh?

-pete

--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group