Non-shell accounts and scp/sftp
Darren Tucker
dtucker at dtucker.net
Fri Dec 8 11:39:55 AEDT 2023
On Fri, 8 Dec 2023 at 07:39, Philip Prindeville
<philipp_subx at redfish-solutions.com> wrote:
[...]
> Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break.
> Is there a workaround to allow scp/sftp to continue to work even for non-shell accounts?

sftp should work regardless of the user's shell since it is invoked as
a ssh subsystem which is independent of the shell channel.

scp is built around the assumption that the shell is involved. It is
possible for a restricted shell to allow scp and the arguments that it
needs (there have been tools such as scponly and rssh) although it is
very difficult to do this securely (rssh at least gave up trying
entirely).

I'd suggest not trying to support scp at all and concentrating on sftp.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list
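
An sshd_config fragment for the sftp-only approach suggested in the reply above, added here as an example and not part of the original message or of the OpenSSH project's own documentation. The group name `sftponly` and the `/srv/sftp` path are assumptions; substitute your own.

```conf
# /etc/ssh/sshd_config (fragment)

# Serve the sftp subsystem from inside sshd itself instead of
# launching an external sftp-server binary.
Subsystem sftp internal-sftp

# Assumption: file-transfer-only accounts are members of a group
# named "sftponly". Match blocks must come after the global settings.
Match Group sftponly
    # Whatever the client asks for (shell, exec, legacy scp), run
    # only the in-process SFTP server.
    ForceCommand internal-sftp

    # Optional confinement. Assumption: per-user trees live under
    # /srv/sftp. Every component of the chroot path must be owned by
    # root and not writable by group or others, or sshd refuses the
    # login; give the user a writable subdirectory inside it.
    ChrootDirectory /srv/sftp/%u

    # These accounts need file transfer only: no terminal, no
    # forwarding channels.
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
```

Check the syntax with `sshd -t` before reloading the daemon. Since OpenSSH 9.0 the `scp` client uses the SFTP protocol by default, so clients of that version or newer can still use `scp` against accounts restricted this way.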