Method to permit ssh while denying sftp

Damien Miller djm at mindrot.org
Fri Apr 3 09:55:45 EST 2009


On Thu, 2 Apr 2009, Iain Morgan wrote:

> If you really want to disable sftp support, you could start by not
> defining the sftp subsystem in the sshd_config. However, users could
> always use the -s option to specify the path to the sftp-server
> executable. So you'd have to remove or chmod the executable as well.
> But users could still get around that by installing a copy of the
> executable in their home directories, assuming that filesystem is not
> mounted with the noexec flag.

... and even then they will still be able to transfer files using
cat, dd, tar and other standard tools, probably ones that are built into
the shell too.

You can't really allow shell access and deny file transfer access.

-d
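
Added example, not part of the original thread and not OpenSSH code: a Python check of the three layers the quoted message lists (sftp subsystem defined, sftp-server executable, noexec on the home filesystem), with the reply's conclusion recorded in the result. The sample config and mount table are constructed, and `audit`, `server_mode` and `writable_dirs` are hypothetical names; checking a second writable directory such as /tmp goes slightly beyond the home-directory case in the message.

```python
import stat

# Constructed sample inputs (not taken from the original thread).
SSHD_CONFIG = """\
# Subsystem sftp /usr/libexec/sftp-server
PasswordAuthentication no
subsystem  sftp  internal-sftp
"""
MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def sftp_subsystem_defined(config_text):
    """True if an uncommented 'Subsystem sftp ...' line exists (keywords are case-insensitive)."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(parts) >= 3 and parts[0].lower() == "subsystem" and parts[1] == "sftp":
            return True
    return False

def mount_options(mounts_text, path):
    """Options of the mount whose mountpoint is the longest prefix of path (/proc/mounts format)."""
    best, opts = "", set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mp = fields[1]
        under = path == mp or path.startswith(mp.rstrip("/") + "/")
        if under and len(mp) > len(best):
            best, opts = mp, set(fields[3].split(","))
    return opts

def audit(config_text, mounts_text, server_mode, writable_dirs):
    """server_mode: st_mode of the sftp-server binary, or None if it was removed."""
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return {
        "subsystem_defined": sftp_subsystem_defined(config_text),
        "server_executable": server_mode is not None and bool(server_mode & exec_bits),
        # User-writable locations where a private copy of sftp-server could still run.
        "exec_allowed_dirs": [d for d in writable_dirs
                              if "noexec" not in mount_options(mounts_text, d)],
        # The reply's point: with a shell, cat, dd or tar still move files regardless.
        "file_transfer_blocked": False,
    }
```
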

