Method to permit ssh while denying sftp
Iain Morgan
imorgan at nas.nasa.gov
Fri Apr 3 09:51:14 EST 2009
On Thu, Apr 02, 2009 at 11:21:12 -0500, Brenda Burnell (bburnell) wrote:
> Is there a way to permit ssh sessions while denying sftp with openssh
> 3.8?
>
>
>
> In openssh 4.4+ this is possible using the Match directive with Force
> Command but I don't know how to configure this in older versions.
>
>
>
> Thanks in advance for any guidance.
>
>
>
> Brenda
>
If you really want to disable sftp support, you could start by not
defining the sftp subsystem in the sshd_config. However, users could
always use the -s option to specify the path to the sftp-server
executable. So you'd have to remove or chmod the executable as well.
But users could still get around that by installing a copy of the
executable in their home directories, assuming that filesystem is not
mounted with the noexec flag.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list