Suggestion for openssh

Paulo phribbr at
Tue Feb 7 23:04:54 EST 2012


I do not know if it's the ideal place, but I'm sending some suggestion.
Always use openssh and its enormous features.

- I needed to create an environment with only sftp access and thus used:

   - Match User suporte
         ForceCommand / usr / lib / openssh / sftp-server

   OK! It worked perfectly! But only sftp.

- Create an environment with only blocking the ssh,  but scp and sftp
access, I used:
     - Rssh;
     - Mysecureshell;
     - Scponly.
   Work, but change  my SHELL, and also created another
   environment for authentication and this is not good.

So I suggest to you developers  the following idea:
- Create the following options to sshd_config:
    - DenyCmdssh
    - DenyCmdscp
    - DenyCmdsftp
  All three options above with default value "no".
  If I want to scp access only could perform the following configuration.

     - Match User suporte
             DenyCmdssh yes
             DenyCmdsftp yes
             DenyCmdscp no

I see that being possible the inclusion of these options, it would kill
rssh, scponly and mysecureshell and the whole configuration of openssh would
in / etc / ssh / sshd_config.

I imagine that working with ChrootDirectory...

OK! This was just a suggestion!
And thank you for openssh.

Thank you!
Paulo Henrique Ribeiro

More information about the openssh-unix-dev mailing list