From: Eric McCoy
Date: Fri, 25 Mar 2005 10:59:10 -0500
To: Grant Peel
cc: freebsd-questions@freebsd.org
Subject: Re: sFTP nologin
Message-ID: <4244354E.10401@haystacks.org>
In-Reply-To: <002c01c53145$b9c64390$6401a8c0@GRANT>

Grant Peel wrote:
> Is there a quick - secure way to allow the sshd sFTP subsystem to allow
> sftp connections without allowing shell accounts?

Create the account and set its shell to /sbin/nologin. You can safely add that to /etc/shells: it does its name and just prints a terse message before booting the user if he tries to connect via vanilla SSH.
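
One way to audit the setup described in the reply, as an added example that is not part of the original message: the script reads a passwd(5)-format file and a shells(5)-format file and reports which accounts have /sbin/nologin as their shell and whether that shell is listed. The function names, the default UID cutoff of 1000 and the sample accounts are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit account shells against the nologin setup.
# File paths are arguments so the check can run on copies of
# /etc/passwd and /etc/shells.

NOLOGIN=/sbin/nologin

# shell_listed SHELLS_FILE SHELL -> exit 0 if SHELL is an entry.
# shells(5): one path per line, '#' starts a comment.
shell_listed() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$1" | grep -Fxq -- "$2"
}

# audit_nologin PASSWD_FILE SHELLS_FILE [MIN_UID]
# Prints "user:uid:shell:status" for accounts with uid >= MIN_UID.
audit_nologin() {
    passwd_file=$1 shells_file=$2 min_uid=${3:-1000}
    if shell_listed "$shells_file" "$NOLOGIN"; then
        listed=listed
    else
        listed=unlisted
    fi
    awk -F: -v min="$min_uid" -v nl="$NOLOGIN" -v listed="$listed" '
        /^#/ || NF < 7 { next }          # comments, malformed lines
        $3 + 0 < min   { next }          # skip system accounts
        { sh = ($7 == "" ? "/bin/sh" : $7) }   # empty field means /bin/sh
        sh == nl { print $1 ":" $3 ":" sh ":nologin-" listed; next }
        { print $1 ":" $3 ":" sh ":interactive-shell" }
    ' "$passwd_file"
}

# Constructed sample data, written to a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'sftponly:*:1001:1001:SFTP only:/home/sftponly:/sbin/nologin' \
        'alice:*:1002:1002:Shell user:/home/alice:/bin/tcsh' > "$tmp/passwd"
    printf '%s\n' '# constructed shells file' \
        '/bin/sh' '/bin/tcsh' '/sbin/nologin' > "$tmp/shells"
    audit_nologin "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

demo
```

Accounts reported as `interactive-shell` can still log in over plain SSH; `nologin-unlisted` means /sbin/nologin has not been added to the shells file.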