Dear colleagues,
we recently had the discussion on this list of how to let users use
sftp but deny them shell access on the box. The commercial SSH
version from ssh.com does this with a special dummy shell, but
from OpenSSH's distribution such a dummy shell is missing.
Well that's actually a very simple little thing, but some of you
might not have the time or eagerness to go into programming,
hence I am enclosing our version of that beast.
Please help me with a caring sledge hammer should there be
some holes in the coding.
Michael
--
Michael Zimmermann (Vegaa Internet Services)
phone +49 89 6283 7632 hotline +49 163 823 1195
Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
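--------------------------------- snip [ vegaa.dummy_shell.c ] ------------
//
// vegaa_dummy_shell.c by zim@vegaa.de 2002-03-14
//
// This program behaves as a shell for users
// whom you want to allow sftp access (e.g. for OpenSSH)
// but don't want to allow normal shell access.
//
// Copyright: Feel free to use it as you like it.
// Warranty: None .o)
//
// Compilation:
//
//   gcc vegaa_dummy_shell.c -o vegaa_dummy_shell
//
// Installation:
//
// 1.) Put this dummy_shell somewhere, say as /usr/bin/vegaa_dummy_shell.
//     Make its owner root:root and its permissions 0755 (or 0555).
// 2.) Specify the dummy_shell as the user's shell in /etc/passwd
// 3.) You may want to enter it also in /etc/shells, if these users
//     should be allowed normal ftp-access, too.
//
// Should your sftp-server sit in another location,
// change the following line accordingly
#define SFTP_COMMAND "/usr/lib/ssh/sftp-server"

// The five header names are missing from this copy of the listing;
// the ones below are a reconstruction.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

int
main(int argc, char **argv)
{
    int i;

    // sshd runs a command through the login shell as: <shell> -c <command>
    if (argc != 3) {
        syslog(LOG_ERR,
               "ACCESS DENIED %s: illegal number of arguments=%d",
               argv[0], argc);
        // This copy of the listing is cut off inside the loop header.
        // Everything from the loop body to the end of main() is a
        // reconstruction from the header comment, not the author's text.
        for (i = 1; i < argc; i++)
            syslog(LOG_ERR, "ACCESS DENIED %s: argv[%d]=%s",
                   argv[0], i, argv[i]);
        return 1;
    }

    // Accept only "-c <SFTP_COMMAND>"; refuse and log anything else.
    if (strcmp(argv[1], "-c") != 0 || strcmp(argv[2], SFTP_COMMAND) != 0) {
        syslog(LOG_ERR, "ACCESS DENIED %s: illegal command %s %s",
               argv[0], argv[1], argv[2]);
        return 1;
    }

    // Replace this process with the sftp server; execl returns only on error.
    execl(SFTP_COMMAND, SFTP_COMMAND, (char *)NULL);
    syslog(LOG_ERR, "%s: cannot execute %s", argv[0], SFTP_COMMAND);
    return 1;
}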
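Added example, not part of the original post: for an sftp session sshd passes the command from the `Subsystem sftp` line of sshd_config to the login shell after `-c`, so the compiled-in SFTP_COMMAND has to agree with that line. The check below runs on constructed config text; the function names are hypothetical, and it assumes the dummy shell compares the `-c` argument to SFTP_COMMAND as an exact string.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define SFTP_COMMAND "/usr/lib/ssh/sftp-server" /* value from the post */

/* Constructed sshd_config fragments, not taken from a real host. */
static const char CONF_OK[]   = "# sftp only\nPort 22\nsubsystem sftp /usr/lib/ssh/sftp-server \n";
static const char CONF_ARGS[] = "Subsystem\tsftp\t/usr/lib/ssh/sftp-server -l INFO\n";
static const char CONF_PATH[] = "#Subsystem sftp /usr/lib/ssh/sftp-server\nSubsystem sftp /usr/libexec/sftp-server\n";
static const char CONF_NONE[] = "Port 22\nPermitRootLogin no\n";

/* Hypothetical helper: copy the command (with arguments) of the
 * "Subsystem sftp" line into out. Returns 1 if such a line exists. */
int sftp_subsystem_command(const char *conf, char *out, size_t outlen)
{
    char line[512], kw[32], name[32], *cmd;
    while (*conf) {
        size_t len = strcspn(conf, "\n"), n = len < sizeof line ? len : sizeof line - 1;
        int off = -1;
        memcpy(line, conf, n);
        line[n] = '\0';
        conf += len + (conf[len] == '\n');
        /* '#' starts a comment; keywords are case-insensitive. */
        if (sscanf(line, " %31s %31s %n", kw, name, &off) < 2 || off < 0)
            continue;
        if (kw[0] == '#' || strcasecmp(kw, "Subsystem") || strcmp(name, "sftp"))
            continue;
        cmd = line + off;
        for (n = strlen(cmd); n > 0 && strchr(" \t\r", cmd[n - 1]); n--)
            ;
        cmd[n] = '\0';
        snprintf(out, outlen, "%s", cmd);
        return 1;
    }
    return 0;
}

/* 0 = match, 1 = no sftp subsystem, 2 = sshd passes a different -c string. */
int check_dummy_shell(const char *conf)
{
    char cmd[512];
    if (!sftp_subsystem_command(conf, cmd, sizeof cmd))
        return 1;
    return strcmp(cmd, SFTP_COMMAND) == 0 ? 0 : 2;
}
int main(void)
{
    printf("%d %d %d %d\n", check_dummy_shell(CONF_OK), check_dummy_shell(CONF_ARGS), check_dummy_shell(CONF_PATH), check_dummy_shell(CONF_NONE));
    return 0;
}
```

A result of 2 means every sftp login would be logged as ACCESS DENIED under that exact-match assumption, for example when the Subsystem line carries extra arguments or a different path.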