From owner-freebsd-questions@FreeBSD.ORG  Tue Mar 28 09:38:25 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DF52616A400
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Mar 2006 09:38:25 +0000 (UTC)
	(envelope-from corwin@aeternal.net)
Received: from amber.aeternal.net (amber.in.markiza.sk [62.168.76.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2C5FC43D5C
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Mar 2006 09:38:25 +0000 (GMT)
	(envelope-from corwin@aeternal.net)
Received: from localhost (localhost.aeternal.net [127.0.0.1])
	by amber.aeternal.net (Postfix) with ESMTP id 9C518B94F
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Mar 2006 11:38:20 +0200 (CEST)
Received: from amber.aeternal.net ([127.0.0.1])
	by localhost (amber.aeternal.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 70321-05 for <freebsd-questions@freebsd.org>;
	Tue, 28 Mar 2006 11:38:20 +0200 (CEST)
Received: from [192.168.0.30] (pleiades.aeternal.net [192.168.0.30])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by amber.aeternal.net (Postfix) with ESMTP id D509BB933
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Mar 2006 11:38:19 +0200 (CEST)
Message-ID: <44290396.3010607@aeternal.net>
Date: Tue, 28 Mar 2006 11:36:22 +0200
From: Martin Hudec <corwin@aeternal.net>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <200603281030.53485.work@ashleymoran.me.uk>
In-Reply-To: <200603281030.53485.work@ashleymoran.me.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at aeternal.net
Subject: Re: Restricted SFTP access to server for one user
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: corwin@aeternal.net
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2006 09:38:26 -0000

Hello Ashley,

Ashley Moran wrote:
> I don't want to install an FTP program, and we 
> don't use password authentication for SSH, so I'm going to tell him to create 
> a key pair and send us his public key.

Maybe for the client, it would be better to use also password based 
authentication, ask him - he is the client and he should define what he 
wants.

> I can remove his login shell, but how do I restrict him to only view his home 
> directory over SFTP?

I think that shells/scponly should have chroot ability for their users.


Cheers,
Martin