Is there a way to permit ssh sessions while denying sftp with openssh 3.8? In openssh 4.4+ this is possible using the Match directive with Force Command but I don't know how to configure this in older versions. Thanks in advance for any guidance. Brenda
On 2009-04-02 11:21, Brenda Burnell (bburnell) wrote: : Is there a way to permit ssh sessions while denying sftp with openssh : 3.8? : : In openssh 4.4+ this is possible using the Match directive with Force : Command but I don't know how to configure this in older versions. : : Thanks in advance for any guidance. Are you sure you asked the question you intended to ask? Permitting ssh while denying sftp makes no sense. If a user has ssh access, she can transmit files using any of the following methods: - Using 'scp' instead of 'sftp' - Executing 'sftp-server' manually - Executing another file transfer program, such as 'tar' or 'cat' Perhaps you could explain in more detail what you're intending to allow and prevent. -- jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/ (GnuPG key ID: C6F31FFA >>>>>> http://www.pobox.com/~jmknoble/keys/ ) (GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
On Thu, Apr 02, 2009 at 11:21:12 -0500, Brenda Burnell (bburnell) wrote:> Is there a way to permit ssh sessions while denying sftp with openssh > 3.8? > > > > In openssh 4.4+ this is possible using the Match directive with Force > Command but I don't know how to configure this in older versions. > > > > Thanks in advance for any guidance. > > > > Brenda >If you really want to disable sftp support, you could start by not defining the sftp subsystem in the sshd_config. However, users could always use the -s option to specify the path to the sftp-server executable. So you'd have to remove or chmod the executable as well. But users could still get around that by installing a copy of the executable in their home directories, assuming that filesystem is not mounted with the noexec flag. -- Iain Morgan