Is there a way to permit ssh sessions while denying sftp with openssh 3.8? In openssh 4.4+ this is possible using the Match directive with Force Command but I don't know how to configure this in older versions. Thanks in advance for any guidance. Brenda
On 2009-04-02 11:21, Brenda Burnell (bburnell) wrote:
: Is there a way to permit ssh sessions while denying sftp with openssh
: 3.8?
:
: In openssh 4.4+ this is possible using the Match directive with Force
: Command but I don't know how to configure this in older versions.
:
: Thanks in advance for any guidance.
Are you sure you asked the question you intended to ask?
Permitting ssh while denying sftp makes no sense. If a user has ssh
access, she can transmit files using any of the following methods:
- Using 'scp' instead of 'sftp'
- Executing 'sftp-server' manually
- Executing another file transfer program, such as 'tar' or
'cat'
Perhaps you could explain in more detail what you're intending to allow
and prevent.
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA >>>>>>
http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
On Thu, Apr 02, 2009 at 11:21:12 -0500, Brenda Burnell (bburnell) wrote:> Is there a way to permit ssh sessions while denying sftp with openssh > 3.8? > > > > In openssh 4.4+ this is possible using the Match directive with Force > Command but I don't know how to configure this in older versions. > > > > Thanks in advance for any guidance. > > > > Brenda >If you really want to disable sftp support, you could start by not defining the sftp subsystem in the sshd_config. However, users could always use the -s option to specify the path to the sftp-server executable. So you'd have to remove or chmod the executable as well. But users could still get around that by installing a copy of the executable in their home directories, assuming that filesystem is not mounted with the noexec flag. -- Iain Morgan