01-26-2012
restricting sftp and ssh for a user
I want to know if there is any way to set up a user's home directory access with a restricted shell and allow them to SFTP to the directory. I want to allow the user to SSH into their home directory but nowhere else on the AIX server. I also want the user to be able to SFTP files to their home directory only. They need to have both SSH and SFTP access to their home directory ONLY.
sftp-server
SFTP-SERVER(8) BSD System Manager's Manual SFTP-SERVER(8)
NAME
sftp-server -- SFTP server subsystem
SYNOPSIS
sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] [-u umask]
DESCRIPTION
sftp-server is a program that speaks the server side of SFTP protocol to stdout and expects client requests from stdin. sftp-server is not
intended to be called directly, but from sshd(8) using the Subsystem option.
Command-line flags to sftp-server should be specified in the Subsystem declaration. See sshd_config(5) for more information.
Valid options are:
-d start_directory
specifies an alternate starting directory for users. The pathname may contain the following tokens that are expanded at runtime: %%
is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the
username of that user. The default is to use the user's home directory. This option is useful in conjunction with the sshd_config(5)
ChrootDirectory option.
-e Causes sftp-server to print logging information to stderr instead of syslog for debugging.
-f log_facility
Specifies the facility code that is used when logging messages from sftp-server. The possible values are: DAEMON, USER, AUTH,
LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH.
-h Displays sftp-server usage information.
-l log_level
Specifies which messages will be logged by sftp-server. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1,
DEBUG2, and DEBUG3. INFO and VERBOSE log transactions that sftp-server performs on behalf of the client. DEBUG and DEBUG1 are
equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. The default is ERROR.
-R Places this instance of sftp-server into a read-only mode. Attempts to open files for writing, as well as other operations that
change the state of the filesystem, will be denied.
-u umask
Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user's default mask.
For logging to work, sftp-server must be able to access /dev/log. Use of sftp-server in a chroot configuration therefore requires that
syslogd(8) establish a logging socket inside the chroot directory.
SEE ALSO
sftp(1), ssh(1), sshd_config(5), sshd(8)
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-filexfer-02.txt, October 2001, work in progress material.
HISTORY
sftp-server first appeared in OpenBSD 2.8.
AUTHORS
Markus Friedl <markus@openbsd.org>
BSD
July 16, 2013 BSD
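
The following is an added example, not part of the manual page or of OpenSSH: a small Python check that reads one `Subsystem sftp` line from sshd_config and validates its flags against the options and values listed above, including one-pass expansion of the `-d` tokens. The `user` and `home` parameters, the sample lines and the sftp-server path in them are constructed assumptions.

```python
import getopt
import shlex

# Allowed values as listed in the sftp-server(8) text above.
FACILITIES = {"DAEMON", "USER", "AUTH"} | {f"LOCAL{i}" for i in range(8)}
LEVELS = "QUIET FATAL ERROR INFO VERBOSE DEBUG DEBUG1 DEBUG2 DEBUG3".split()

def expand_start_dir(template, user, home):
    """Expand -d tokens in one pass: %% -> %, %h -> home, %u -> user name."""
    table = {"%": "%", "h": home, "u": user}
    out, i = [], 0
    while i < len(template):
        nxt = template[i + 1:i + 2]
        if template[i] == "%" and nxt in table:
            out.append(table[nxt])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def audit_subsystem(line, user, home):
    """Check one 'Subsystem sftp <path> [flags]' line; user/home are hypothetical inputs."""
    words = shlex.split(line, comments=True)
    if len(words) < 3 or words[0].lower() != "subsystem" or words[1] != "sftp":
        raise ValueError("not a Subsystem sftp declaration")
    # Option string mirrors the SYNOPSIS; unknown flags raise getopt.GetoptError.
    opts = dict(getopt.getopt(words[3:], "ehRd:f:l:u:")[0])
    findings = []
    level = opts.get("-l", "ERROR")  # documented default
    if level not in LEVELS:
        findings.append(f"invalid log level {level!r}")
    elif LEVELS.index(level) < LEVELS.index("INFO"):
        findings.append("file transactions are not logged (-l INFO or VERBOSE logs them)")
    if opts.get("-f", "AUTH") not in FACILITIES:
        findings.append(f"invalid log facility {opts['-f']!r}")
    if "-e" in opts:
        findings.append("-e sends logs to stderr instead of syslog")
    umask = opts.get("-u", "0")
    if not umask or set(umask) - set("01234567"):
        findings.append(f"umask {umask!r} is not octal")
    start = expand_start_dir(opts["-d"], user, home) if "-d" in opts else home
    return {"start_dir": start, "read_only": "-R" in opts, "findings": findings}

# Constructed sshd_config lines (sample input; the binary path is an assumption).
WEAK = "Subsystem sftp /usr/libexec/openssh/sftp-server -e -u 0z2"
HARDENED = "Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f LOCAL5 -u 0027 -d /uploads/%u"
```

The one-pass expansion matters for a template such as `%%h`, which must yield the literal `%h` rather than the home directory.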