- 论坛徽章:
- 0
|
How to restrict users to SFTP only instead of SSH
Posted by hruske on Sun 13 Feb 2005 at 21:52
Tags: sftp, ssh
Sometimes you want to have users, that have access to files on your server, but don't want them to be able to log in and execute commands on your server.
This is done quite easily.
Add user as usually and assign him a password. Then run the following command (replace the 'username' with real user name):
root@host # usermod -s /usr/lib/sftp-server username
This changes user's shell to sftp-server.
The last step for this to work is to add '/usr/lib/sftp-server' to /etc/shells to make it a valid shell, eg. like this:
root@host # echo '/usr/lib/stfp-server' >> /etc/shells
There. Now you've setup a user who can only access your server with SFTP.
我自己改user默认shell就可以工作了,sftp-server的位置查看sshd_config就可以了
[user@~ (0)]$ finger sftponly
Login: sftponly Name: (null)
Directory: /home/sftponly Shell: /usr/libexec/openssh/sftp-server
Never logged in.
No mail.
No Plan. |
|