From owner-freebsd-questions@FreeBSD.ORG  Fri Mar 25 21:44:16 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4E69016A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 25 Mar 2005 21:44:16 +0000 (GMT)
Received: from smtpq1.home.nl (smtpq1.home.nl [213.51.128.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5AFD143D3F
	for <freebsd-questions@freebsd.org>;
	Fri, 25 Mar 2005 21:44:15 +0000 (GMT)	(envelope-from danny@ricin.com)
Received: from [213.51.128.135] (port=32802 helo=smtp4.home.nl)
	by smtpq1.home.nl with esmtp (Exim 4.30)
	id 1DEwbF-0004FS-Uh; Fri, 25 Mar 2005 22:44:13 +0100
Received: from cp464173-a.dbsch1.nb.home.nl ([84.27.215.228]:64139
	helo=workstation.homenet)	by smtp4.home.nl with esmtp (Exim 4.30)
	id 1DEwbF-0000Ku-0B; Fri, 25 Mar 2005 22:44:13 +0100
From: Danny Pansters <danny@ricin.com>
To: gpeel@thenetnow.com, freebsd-questions@freebsd.org
Date: Fri, 25 Mar 2005 22:44:06 +0100
User-Agent: KMail/1.8
References: <002c01c53145$b9c64390$6401a8c0@GRANT>
In-Reply-To: <002c01c53145$b9c64390$6401a8c0@GRANT>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200503252244.07152.danny@ricin.com>
X-AtHome-MailScanner-Information: Please contact support@home.nl for more
	information
X-AtHome-MailScanner: Found to be clean
Subject: Re: sFTP nologin
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: danny@ricin.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Mar 2005 21:44:16 -0000

I experimented with this quite a while ago (~ 2001) and don't remember all the 
details, but I used scponly and had to prevent the "Welcome to FreeBSD..." 
text from being shown. That was the message too long problem IIRC. It worked 
with at least WinSCP and gFTP as clients.

You could also consider pulling an stunnel over ordinary ftpd and have no shh 
access at all except for people who need or are granted shell access. It's 
not hard to set up, you basically deal with it as if it were a proxy.

HTH,

Dan