Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: restricting sftp and ssh for a user
Operating Systems AIX restricting sftp and ssh for a user Post 302593347 by daveisme on Thursday 26th of January 2012 02:31:53 PM
Old 01-26-2012
restricting sftp and ssh for a user
I want to know if there is any way to set up a users home directory access with a restricted shell and allow them to SFTP to the directory. I want to allow the user to SSH into their home directory but no where else on the AIX server. I also want the user to be able to SFTP files to their home directory only. They need to have both SSH and SFTP access to their home directory ONLY.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

restricting user input as required

Hi, I want the user to enter only numeric values and also he should only enter 2 digits only ( eg 23 or 23 or 03 any 2 digits) For the above purpose how should i declare my variable ? integer value if I read 03 in variable value then it gives me error ...also user can enter n number... (4 Replies)
Discussion started by: dhananjayk
4 Replies

2. UNIX for Dummies Questions & Answers

Restricting the user *LINUX RED HAT*

Hats of to all the members for providing the detailed guidence to the newbe !! :o I am working on Red Hat LINUX plateform, where the number of users are more that 50. The problem I m facing is that all the user are opening the virtual terminals and leave it unattended for hours together and... (4 Replies)
Discussion started by: vakharia Mahesh
4 Replies

3. UNIX for Dummies Questions & Answers

Restricting SSH usage

Hello, For one of our servers, we have had people trying to illegally loggon using the ssh service. My manager has asked me to restrict ssh access to users in our internal network but close ssh access to the "outside" world. Could someone at the very least point me to some resources on the... (7 Replies)
Discussion started by: mojoman
7 Replies

4. Solaris

Restricting SFTP user to a defined directory and home directory

Hi, I've created solaris user which has both FTP and SFTP Access. Using the "ftpaccess" configuration file options "guest-root" and "restricted-uid", i can restrict the user to a specific directory. But I'm unable to restrict the user when the user is logged in using SFTP. The aim is to... (1 Reply)
Discussion started by: sftpuser
1 Replies

5. UNIX for Dummies Questions & Answers

Restricting SFTP access

Hello, I am using MySecureShell to chroot all sftp accesses. The problem that I have is that my boss does not want root to be able to use sftp. Root should still be able to ssh. Any ideas? (2 Replies)
Discussion started by: mojoman
2 Replies

6. UNIX for Dummies Questions & Answers

Restricting a user to their home directory and below

I found this old closed thread: I can do these things, but how to I change someone's profile - where do I find the profile? I'm running Centos 5.6 ~~~~~~~~~ providing you have the password shell set to ksh, you can put this in his .profile: cd /opt/load alias -x cd=: (6 Replies)
Discussion started by: jjj0923
6 Replies

7. Red Hat

Restricting multiple users to run only sftp server

Hello, can someone please provide steps, can I restrict a multiple users to only access only sftp on a server, to perform upload and download of files on their home directories. 1. I have updated their login shell as /sbin/nologin. anything else do I need to update. Thanks, (3 Replies)
Discussion started by: bobby320
3 Replies

8. UNIX for Dummies Questions & Answers

Restricting Usage of Setuid Programs to the Admin User In MacOsx

This is a quote from the Apple security configuration (you can download it from Apple) " Using ACLs to Restrict Usage of Setuid Programs The ACL feature of Mac OS X can also be used to restrict the execution of setuid programs. Restricting the execution of setuid programs to administrators... (3 Replies)
Discussion started by: Vera
3 Replies

9. Red Hat

SFTP user include/exclude without preventing SSH login

I have been asked to see if we can restrict SFTP access to authorised users only. There will be business users who will log on with SSH, but they are locked into a menu. They will have write access to the production data to do their job, but we don't want them to have access to read/write the... (8 Replies)
Discussion started by: rbatte1
8 Replies

10. Shell Programming and Scripting

Passwordless sftp using a different user than the runtime user

I am running a shell script as user A. In that script I need to execute a sftp that would transfer the file using another user B. I am using the below command: sftp -oPort22 B@remote server However, I am getting password prompts each time. I have done the following: Added the public... (4 Replies)
Discussion started by: mady135
4 Replies

LEARN ABOUT CENTOS

sftp-server

SFTP-SERVER(8)						    BSD System Manager's Manual 					    SFTP-SERVER(8)

NAME

     sftp-server -- SFTP server subsystem

SYNOPSIS

     sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] [-u umask]

DESCRIPTION

     sftp-server is a program that speaks the server side of SFTP protocol to stdout and expects client requests from stdin.  sftp-server is not
     intended to be called directly, but from sshd(8) using the Subsystem option.

     Command-line flags to sftp-server should be specified in the Subsystem declaration.  See sshd_config(5) for more information.

     Valid options are:

     -d start_directory
	     specifies an alternate starting directory for users.  The pathname may contain the following tokens that are expanded at runtime: %%
	     is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the user-
	     name of that user.  The default is to use the user's home directory.  This option is useful in conjunction with the sshd_config(5)
	     ChrootDirectory option.

     -e      Causes sftp-server to print logging information to stderr instead of syslog for debugging.

     -f log_facility
	     Specifies the facility code that is used when logging messages from sftp-server.  The possible values are: DAEMON, USER, AUTH,
	     LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The default is AUTH.

     -h      Displays sftp-server usage information.

     -l log_level
	     Specifies which messages will be logged by sftp-server.  The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1,
	     DEBUG2, and DEBUG3.  INFO and VERBOSE log transactions that sftp-server performs on behalf of the client.	DEBUG and DEBUG1 are
	     equivalent.  DEBUG2 and DEBUG3 each specify higher levels of debugging output.  The default is ERROR.

     -R      Places this instance of sftp-server into a read-only mode.  Attempts to open files for writing, as well as other operations that
	     change the state of the filesystem, will be denied.

     -u umask
	     Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user's default mask.

     For logging to work, sftp-server must be able to access /dev/log.	Use of sftp-server in a chroot configuration therefore requires that
     syslogd(8) establish a logging socket inside the chroot directory.

SEE ALSO

     sftp(1), ssh(1), sshd_config(5), sshd(8)

     T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-filexfer-02.txt, October 2001, work in progress material.

HISTORY

     sftp-server first appeared in OpenBSD 2.8.

AUTHORS

     Markus Friedl <markus@openbsd.org>

BSD
								   July 16, 2013							       BSD
All times are GMT -4. The time now is 06:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy