No shell access to sftp user

I have created two users on our ftp server. They will use sftp to connect to this server, but I do not want to give them direct ssh access. If I give them the /bin/false shell, sftp will not work. If I give them /bin/nologin, it fails with the messages below:

[root@vopdc076 ~]# sftp trdeo@bd01.xxx.com
Connecting to bd01.xxx.com...
trdeo@bd01.xxx.com's password:
Received message too long 1416128883
[root@vopdc076 ~]#

Is there any other way to set it up like I want?
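Why the nologin attempt prints that particular number, as an added example that is not part of the original thread: the sftp client reads the first four bytes it receives as a big-endian packet length, so any text printed by the login shell is misread as a length. The nologin message text and the 256 KiB client limit are assumptions based on common nologin and OpenSSH builds; the sample byte strings are constructed.

```python
import struct

SFTP_MAX_MSG_LENGTH = 256 * 1024   # assumed OpenSSH sftp client limit (256 KiB)
SSH_FXP_VERSION = 2                # type of the first packet a real SFTP server sends


def decode_length_as_text(n):
    """Turn the N from 'Received message too long N' back into its 4 raw bytes."""
    return struct.pack(">I", n).decode("ascii", errors="replace")


def check_first_bytes(data):
    """Classify the first bytes the client receives on the sftp channel."""
    if len(data) < 5:
        return "short read"
    (length,) = struct.unpack(">I", data[:4])      # uint32 packet length
    if length > SFTP_MAX_MSG_LENGTH:
        return "too long %d: starts with text %r" % (
            length, decode_length_as_text(length))
    if data[4] != SSH_FXP_VERSION:                 # byte after the length is the type
        return "unexpected packet type %d" % data[4]
    return "ok"


# Constructed sample: what a nologin shell typically prints (assumed message text).
NOLOGIN_OUTPUT = b"This account is currently not available.\n"
# Constructed sample: a valid SSH_FXP_VERSION packet (length 5, type 2, version 3).
VERSION_PACKET = struct.pack(">IBI", 5, SSH_FXP_VERSION, 3)

if __name__ == "__main__":
    print(decode_length_as_text(1416128883))       # the number from the error above
    print(check_first_bytes(NOLOGIN_OUTPUT))
    print(check_first_bytes(VERSION_PACKET))
```

The same decoding applies to any output a shell or profile script writes before the SFTP server starts, which is why a shell that prints a message breaks sftp even though the login itself succeeded.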

Assuming you are using OpenSSH, use a combination of the internal-sftp subsystem and chroot. There are lots of guides on the Internet on how to do it.

Deny ssh access to user trdeo.

Add the line below to /etc/ssh/sshd_config:

DenyUsers trdeo

Save the file and restart sshd.

This essentially denies user trdeo an ssh login, but sftp will work fine. Hope this helps.

pocodot

You could also assign them the shell of scponly, if you have that installed.

I tried setting its shell to /usr/libexec/openssh/sftp-server and this worked.


Why not a restricted shell that exits when used interactively?

RudiC, I think that should also work. I have not tested it yet.