Full Version: SFTP without login?
bobk
Anybody know of a relatively simple way to give users sftp/scp access without allowing a shell login?
webbcite
You can't. SFTP uses SSH...so you would have to give them SSH in order for them to connect.
konForce
Perhaps there is a FTP replacement shell out there though that you could use to replace /bin/sh or whatever SFTP uses. Basically, all you need is a shell that understands "rm, mkdir, ls, chown, chmod, cd" and perhaps just a few more.

If you could do that... then your user could still log in, but would be limited to doing the same things that the SFTP can. I.e., he wouldn't be able to run commands, etc. I'm not aware of anything out there like that, but I have never really looked.
bobk
>> replacement shell out there...

Hmmmm. This sounds worth investigating. I came across this reference, it looks exactly like what you suggest:

http://lists.suse.com/archive/suse-securit...0-Jul/0189.html

(Five minutes later) an even better solution....

http://www.sublimation.org/scponly/

I'll let you know if it works.
bobk
Well, after some more web scouring, I found another shell (rssh) that attempts to do the same thing as scponly, but even better, I came across this:

http://archives.neohapsis.com/archives/ope...01-04/0218.html

Basically, you simply set the user's shell to sftp-server. On my plesk/rh7.1 box, this is /usr/libexec/openssh/sftp-server. Seems to work just fine.

One note: you have to add it to /etc/shells or it breaks the user's ftp. So, to summarize:

usermod -s /usr/libexec/openssh/sftp-server username

then, edit /etc/shells and add:

/usr/libexec/openssh/sftp-server

to the list. Voila, secure file transfers. ws-ftp supports sftp in the latest version, as do freebies filezilla, winscp, and ixplorer, so it's getting easier and easier to get people to use it.
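
A consistency check for the setup described in the post above, as an added example that is not part of the original thread: it lists the accounts whose login shell is sftp-server and reports whether that exact path appears in the shells file. The function name `audit_sftp_shells` and the sample passwd and shells contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread).
# Usage: audit_sftp_shells PASSWD_FILE SHELLS_FILE SFTP_SERVER_PATH
# Prints "OK <user>" or "MISSING <user>" for each account whose login shell
# is SFTP_SERVER_PATH; returns 1 if such accounts exist but the path is not
# listed in SHELLS_FILE.
audit_sftp_shells() {
    passwd_file=$1
    shells_file=$2
    sftp_shell=$3
    # Exact whole-line match (-F -x): a near-miss path does not count.
    if grep -Fxq -- "$sftp_shell" "$shells_file"; then
        status=OK
    else
        status=MISSING
    fi
    # Field 7 of a passwd entry is the login shell.
    users=$(awk -F: -v s="$sftp_shell" '$7 == s { print $1 }' "$passwd_file")
    for u in $users; do
        echo "$status $u"
    done
    [ "$status" = OK ] || [ -z "$users" ]
}

# Constructed sample data (not from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/usr/libexec/openssh/sftp-server
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/usr/libexec/openssh/sftp-server
EOF
# One shells file where the path does not match exactly, one where it does.
printf '%s\n' /bin/sh /bin/bash /etc/libexec/openssh/sftp-server > "$demo_dir/shells.bad"
printf '%s\n' /bin/sh /bin/bash /usr/libexec/openssh/sftp-server > "$demo_dir/shells.good"

SFTP=/usr/libexec/openssh/sftp-server
audit_sftp_shells "$demo_dir/passwd" "$demo_dir/shells.bad" "$SFTP" || echo "shells file needs $SFTP"
audit_sftp_shells "$demo_dir/passwd" "$demo_dir/shells.good" "$SFTP"
```

On a live system the arguments would be /etc/passwd, /etc/shells and the sftp-server path used in the usermod command.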
santosh
Hi,
I tried this and it works, but I find that Proftpd no longer logs the FTP transfers into /usr/local/psa/var/log/xferlog.

Do you know how to enable this?

Thanks.
dynamicnet
Greetings:

Consider utilizing mod_tls with proftpd and allowing FTPES.

See http://www.google.com/search?q=proftpd+ftpes

Thank you.