Method to permit ssh while denying sftp

Iain Morgan imorgan at nas.nasa.gov
Fri Apr 3 09:51:14 EST 2009


On Thu, Apr 02, 2009 at 11:21:12 -0500, Brenda Burnell (bburnell) wrote:
> Is there a way to permit ssh sessions while denying sftp with openssh
> 3.8?
> 
>  
> 
> In openssh 4.4+ this is possible using the Match directive with Force
> Command but I don't know how to configure this in older versions.
> 
>  
> 
> Thanks in advance for any guidance.
> 
>  
> 
> Brenda
> 

If you really want to disable sftp support, you could start by not
defining the sftp subsystem in the sshd_config. However, users could
always use the -s option to specify the path to the sftp-server
executable. So you'd have to remove or chmod the executable as well.
But users could still get around that by installing a copy of the
executable in their home directories, assuming that filesystem is not
mounted with the noexec flag.

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list