Date:      Fri, 25 Apr 2008 14:30:32 -0500
From:      Paul Schmehl <pauls@utdallas.edu>
To:        freebsd-questions@freebsd.org
Subject:   Re: restrict ssh access
Message-ID:  <472410BF12BC19695178209A@utd65257.utdallas.edu>
In-Reply-To: <alpine.BSF.1.10.0804251635570.60886@duane.dbq.yournetplus.com>
References:  <1209131161.14700.4.camel@puk> <BCBF8C55-3A54-4DA7-AC76-32A217EFB4FB@mac.com> <alpine.BSF.1.10.0804251635570.60886@duane.dbq.yournetplus.com>

--On Friday, April 25, 2008 16:41:07 +0000 D Hill <d.hill@yournetplus.com> wrote:

> On Fri, 25 Apr 2008 at 09:30 -0700, cswiger@mac.com confabulated:
>
>> On Apr 25, 2008, at 6:46 AM, Geert Geurts wrote:
>>> I've got a server running an ssh server. I want to enable ssh for the use
>>> of sftp by a group of users, and limit their ssh access to just allow
>>> running passwd so they can change their default password. What would be
>>> the best/easiest way to accomplish this, or something similar?
>>
>> I wonder what would happen if you gave them a shell of "/usr/bin/passwd"...?
>> :-)
>
> That should work. I just tested. When an ssh connection is made, it executes
> passwd. As soon as the password was changed, the ssh connection was closed:
>
>    %ssh -l asdf 192.168.1.50
>    Password:
>    ...
>    Changing local password for asdf
>    Old Password:
>    New Password:
>    Retype New Password:
>    Connection to 192.168.1.50 closed.

Should make for some fascinating experiences with sftp.  :-)

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
