openssh unix dev - Nov 2002 - (no subject)

Good morning,

I am david pierrot ingeener for it company.

We nned to install a ssh client and ssh server (linux and win 2000)

we have have problem , could you tell me please if this thing is possible.

we want that users on ssh can only use sftp or scp but we do not want thath
they can be use roo command or something elese.
with sshd command it is possible to use telnet by port 22, do you think that
is it possible to forbiden this kind of thing and to have only ftp command.

many thanks in advance.

best regards
> DAVID PIERROT
> UNEDIC Ma?trise d'Oeuvre 
> *  5, avenue Jean Jaures - BP2 - 69551 FEYZIN Cedex
msg : dpierrott at unedic.fr                    
Tel. : 04-72-89-23-62



+----------------------------------------------------------------+
| Ce courrier ainsi que les fichiers joints sont confidentiels.  |
| Si vous avez recu ce courrier par erreur, veuillez en informer |
| l'administrateur du systeme : exp-iris at unedic.fr               |
|                          ---------                             |
| Ce message confirme que le courrier a passe le controle        |
| antivirus du relais de messagerie Internet avec succes.        |
+----------------------------------------------------------------+

I've attached an email that I wrote a couple of weeks ago -- including
my solution to the problem. (an sftp chroot jail). It has two parts: an
sftpsh replacement for nologin and a (very spall) patch for sftp

While I'm at it. what's the protocol for submitting these changes
for inclusion in the base release?

PIERROT David wrote:
> Good morning,
> 
> I am david pierrot ingeener for it company.
> 
> We nned to install a ssh client and ssh server (linux and win 2000)
> 
> we have have problem , could you tell me please if this thing is possible.
> 
> we want that users on ssh can only use sftp or scp but we do not want thath
> they can be use roo command or something elese.
> with sshd command it is possible to use telnet by port 22, do you think
that
> is it possible to forbiden this kind of thing and to have only ftp command.
> 
> many thanks in advance.
> 
> best regards
> 
> 
>>DAVID PIERROT
>>UNEDIC Ma?trise d'Oeuvre 
>>*  5, avenue Jean Jaures - BP2 - 69551 FEYZIN Cedex
> 
> msg : dpierrott at unedic.fr                    
> Tel. : 04-72-89-23-62
> 
> 
> 
> +----------------------------------------------------------------+
> | Ce courrier ainsi que les fichiers joints sont confidentiels.  |
> | Si vous avez recu ce courrier par erreur, veuillez en informer |
> | l'administrateur du systeme : exp-iris at unedic.fr               |
> |                          ---------                             |
> | Ce message confirme que le courrier a passe le controle        |
> | antivirus du relais de messagerie Internet avec succes.        |
> +----------------------------------------------------------------+
> 
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
-- 
Stephen Samuel +1(604)876-0426                samuel at bcgreen.com
		   http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.
-------------- next part --------------
An embedded message was scrubbed...
From: Stephen Samuel <samuel at bcgreen.com>
Subject: changes to allow chroot'ed sftp
Date: Sun, 10 Nov 2002 22:41:53 -0800
Size: 6720
Url:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20021118/78447be5/attachment.mht