search for: channelreqdeny

...day I modified OpenSSH so that it allows me to configure in a generic way, restrictions on what server functions can be used by system users after they authenticate. The partial implementation of my plans only works for SSH2, but allows me to write entries like the following in sshd_config: ChannelReqDeny shell g restricted ChannelReqDeny exec g restricted ChannelReqDeny x11-req u * ... to deny access to those channel requests for group 'restricted'. Using my modified sftp-server, I can also write this: Subsystem sftp /path/to/sftp-server SetIf g restricted Subsystem sftp /pat...

I'm searching for a simple solution to allow access to only one directory of an existing user (that may not login) via sftp-server and authorized_keys file using the extended syntax command="/usr/lib/openssh/sftp-server --root /data/exchange",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAA...keydata Is something like that already possible, is there a