keypair auth and limiting access to sftp
Peter W
peterw at usa.net
Mon Sep 17 11:51:22 EST 2001
On Sun, Sep 16, 2001 at 09:38:30PM -0400, James Ralston wrote:
> Even worse, I can't disable sftp access for chroot()'ed accounts
> without disabling it for everyone. (Using the "command" option in the
> authorized_keys2 file will break scp, but sftp will still work.)
I was about to post on that topic. I would like to see OpenSSH changed
so you can have the sftp subsystem installed/available, but *disable*
access to the sftp subsystem on a keypair-by-keypair basis in the
authorized_keys2 file, much as one restricts commands with command=
As it stands,[0] it is unsafe to depend on authorized_keys2 to restrict
a client keypair authentication to some well-defined task.
-Peter
[0] based on my observations of 2.5.2p2, reading of 2.9x documentation,
and a response on usenet