On 21-Jun-01 Andreas Rittershofer wrote:
And that's exactly why I prefer sftp and scp. You don't have to worry about the data connection, active and passive FTP and local or remote firewalls (if SSH is allowed). The only connection between local and remote host is the SSH connection.
Is it necessary to have a shell account on the machine? I have users which only have ftp access. Is it possible to have users with sftp but no shell?
Yes, it's possible, at least with ssh and its ssh-dummy-shell which has been designed for this purpose. However, I wasn't too successful with other shells (false, noshell, scripts, etc.). Rejecting console access is highly recommended for sftp users just doing data transfer (e. g. for updating web pages).
mfg ar
-- mailto:andreas@rittershofer.de http://www.rittershofer.de PGP-Public-Key http://www.rittershofer.de/ari.htm
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
---
Boris Lorenz