Restricting sftp users from opening ssh shells


If you want to let a given user manage his files over sftp, but you don't want him to execute commands on your system, there's an easy way to do this. Just set the user's login shell to sftp-server - this is the program which enables sftp over ssh. To find where exactly it is on your installation, use this command:


grep Subsystem /etc/ssh/sshd_config


You'll get /usr/libexec/sftp-server, for example. Next, add this to the list of allowed shells:


echo '/usr/libexec/sftp-server' >> /etc/shells


And finally, modify the user's shell:


usermod -s /usr/libexec/sftp-server sftpuser


That's it - now the sftpuser account can only use sftp.
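
The three steps above as one script, added here as an example and not part of the original article. It goes a little beyond the text: it appends to /etc/shells only once, and it stops if sshd_config uses the in-process `internal-sftp` subsystem, which has no binary path to set as a shell. The function names and the optional file-path parameters are assumptions made for this example.

```shell
#!/bin/sh
# Added example: restrict an account to sftp by making sftp-server its login shell.
# Function names and the optional file arguments are hypothetical, for illustration.

# Print the command configured on the "Subsystem sftp ..." line of an sshd_config file.
sftp_server_path() {
    # Commented-out lines do not match because their first field starts with '#'.
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Append a shell to an /etc/shells-style file only if it is not already listed.
allow_shell() {
    grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# restrict_to_sftp USER [SSHD_CONFIG] [SHELLS_FILE]
restrict_to_sftp() {
    user=$1 config=${2:-/etc/ssh/sshd_config} shells=${3:-/etc/shells}
    path=$(sftp_server_path "$config")
    case $path in
        /*) ;;  # absolute path to an external sftp-server binary
        internal-sftp)
            echo "Subsystem is internal-sftp: no binary to use as a shell" >&2
            return 2 ;;
        *)
            echo "no usable 'Subsystem sftp' line in $config" >&2
            return 1 ;;
    esac
    [ -x "$path" ] || { echo "$path is not executable" >&2; return 1; }
    allow_shell "$path" "$shells" && usermod -s "$path" "$user"
}

# Run as root, e.g.: sh restrict-sftp.sh sftpuser
if [ "$#" -gt 0 ]; then
    restrict_to_sftp "$@"
fi
```

Afterwards, `getent passwd sftpuser` should show the sftp-server path in the last field.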




This page was last modified on 2018-12-09 01:34:06