From owner-freebsd-questions@FreeBSD.ORG Fri Mar 25 22:07:55 2005
Message-ID: <5d2cf6920503251407759fcff0@mail.gmail.com>
Date: Fri, 25 Mar 2005 17:07:54 -0500
From: Jeff Wirth
To: Grant Peel
cc: freebsd-questions@freebsd.org
Subject: Re: sFTP nologin

> Yes, been trying that all morning. sbin/nologin kills the connection after
> it prints the message.
>
> I have been trying scponly; it has been less than workable so far too.
>

'nologin' will work for 'ftp' and things that don't require a password
(i.e. `sudo -u user -s`).

'scponly' is the correct solution for limiting users to scp or sftp. I use it extensively in production for setting up secure, automated file transfers (w/ key auth).

Once 'scponly' is installed, it should be a simple matter of adding 'scponly' to /etc/shells and configuring your user's shell accordingly.

- jw
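
The two steps in the reply above, as an added example that is not part of the original message: a shell script that registers scponly in a shells file exactly once and checks that each transfer account's login shell is set to it. The install path `/usr/local/bin/scponly`, the account names and the sample passwd and shells contents are assumptions constructed for the example; it works on temporary copies, not the live /etc files.

```shell
#!/bin/sh
# Added example: runs against constructed copies, not the live /etc files.
# Assumption: scponly is installed at /usr/local/bin/scponly.
SCPONLY=${SCPONLY:-/usr/local/bin/scponly}

# Append a shell to a shells file only if that exact line is not already there.
register_shell() {   # register_shell SHELLS_FILE SHELL_PATH
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Print the login shell (last passwd field) of a user; fail if the user is absent.
user_shell() {       # user_shell PASSWD_FILE USER
    awk -F: -v u="$2" '$1 == u { print $NF; hit = 1 } END { exit !hit }' "$1"
}

# Report whether a transfer-only account is set up the way the reply describes.
check_user() {       # check_user PASSWD_FILE SHELLS_FILE USER
    sh_path=$(user_shell "$1" "$3") || { echo "missing"; return 0; }
    if [ "$sh_path" != "$SCPONLY" ]; then
        echo "wrong-shell:$sh_path"
    elif ! grep -qxF -- "$SCPONLY" "$2"; then
        echo "unlisted"
    else
        echo "ok"
    fi
}

# Constructed sample data standing in for /etc/passwd and /etc/shells.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
xfer1:*:1001:1001:transfer account:/home/xfer1:/usr/local/bin/scponly
xfer2:*:1002:1002:transfer account:/home/xfer2:/sbin/nologin
EOF
printf '%s\n' /bin/sh /bin/csh > "$demo_dir/shells"

for u in xfer1 xfer2 xfer3; do
    echo "before: $u $(check_user "$demo_dir/passwd" "$demo_dir/shells" "$u")"
done
register_shell "$demo_dir/shells" "$SCPONLY"
register_shell "$demo_dir/shells" "$SCPONLY"   # second call is a no-op
echo "after:  xfer1 $(check_user "$demo_dir/passwd" "$demo_dir/shells" xfer1)"
# On a live FreeBSD system the shell itself is changed with:
#   pw usermod <user> -s "$SCPONLY"
```
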