From owner-freebsd-isp@FreeBSD.ORG  Wed Aug 20 22:28:11 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0FBFB16A4BF
	for <freebsd-isp@freebsd.org>; Wed, 20 Aug 2003 22:28:11 -0700 (PDT)
Received: from blue.centerone.com (blue.centerone.com [204.133.183.111])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 513AB43FDD
	for <freebsd-isp@freebsd.org>; Wed, 20 Aug 2003 22:28:10 -0700 (PDT)
	(envelope-from rf-list@centerone.com)
Received: from DELIVERANCE-XP.centerone.com
	(ppp-168-253-14-129.den1.ip.ricochet.net [168.253.14.129])
	by blue.centerone.com (8.9.3/8.9.3) with ESMTP id XAA09297
	for <freebsd-isp@freebsd.org>; Wed, 20 Aug 2003 23:40:05 -0600
Message-Id: <5.1.0.14.2.20030820232337.02751eb8@mail.centerone.com>
X-Sender: rf-list@mail.centerone.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 20 Aug 2003 23:25:23 -0600
To: freebsd-isp@freebsd.org
From: Ralph Forsythe <rf-list@centerone.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: Creating account with SCP ONLY
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2003 05:28:11 -0000

Since we're talking about limiting ssh access right now...  I need to 
create user accounts that cannot use the shell, but can still move files 
around via scp/sftp.  We have FTP disabled, and as we start to bring users 
online I do not want them having shell capabilities for security reasons.

Any ideas?  I think the false shell thing breaks scp since it requires some 
limited level of shellish-type access for whatever it does.

Thanks,
Ralph