Non-shell accounts and scp/sftp

Darren Tucker dtucker at
Fri Dec 8 11:39:55 AEDT 2023

On Fri, 8 Dec 2023 at 07:39, Philip Prindeville
<philipp_subx at> wrote:
> Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break.
> Is there a workaround to allow scp/sftp to continue to work even for non-shell accounts?

sftp should work regardless of the user's shell since it is invoked as
a ssh subsystem which is independent of the shell channel.

scp is built around the assumption that the shell is involved.  It is
possible for a restricted shell to allow scp and the arguments that it
needs (there have been tools such as scponly and rssh) although it is
very difficult to do this securely (rssh at least gave up trying

I'd suggest not trying to support scp at all and concentrating on sftp.

Darren Tucker (dtucker at
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list