allowing SFTP blocking ssh(telnet access)

itefix
Offline
Last seen: 33 min 1 sec ago
Joined: 01.05.2008 - 21:33
allowing SFTP blocking ssh(telnet access)

How do I allow SFTP access while blocking ssh (telnet) access?

itefix
Re: allowing SFTP blocking ssh(telnet access)

NB! The recipe below does not work. Please see other posts for newer suggestions.
For activated users, you can replace /bin/bash with /bin/false in copssh inst. dir/etc/passwd.

That will block shell access via ssh.

itefix
That didn't work I

That didn't work I think. Could you integrate scponly?

itefix
Re: allowing SFTP blocking ssh(telnet access)

Thanks for your feedback. You're right! /bin/false was simply a false answer.

I have tested the procedure below and verified that it works:

  1. Create a file named sftponly in the bin directory:
    #!/bin/bash
    if ; then
    echo "SFTP only!"
    exit 1
    fi
    exec "$@"

  2. chmod 755 /bin/sftponly from a BASH shell
  3. For activated users, you can replace /bin/bash with /bin/sftponly in copssh inst. dir/etc/passwd.

NB! Shell command (!) within sftp will not work as of copssh v1.3.6. You can simply override this behaviour by creating a /bin/sh link to /bin/bash.

itefix
Re: allowing SFTP blocking ssh(telnet access)

I had a problem using the code as it is: sshd didn't give any error but just terminated the connection. When I changed it to the following it worked; probably $@ was blank, which is interpreted as EOF by the ssh client.

#!/bin/bash
if ; then
echo "SFTP only!"
exit 1
fi
exec /libexec/sftp-server

itefix
Re: allowing SFTP blocking ssh(telnet access)

I had a problem using the code as it is: sshd didn't give any error but just terminated the connection. When I changed it to the following it worked; probably $@ was blank, which is interpreted as EOF by the ssh client.

#!/bin/bash
if ; then
echo "SFTP only!"
exit 1
fi
exec /libexec/sftp-server

AFAIK, there is no /libexec directory on a standard copssh installation.
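
As an added example, not from any poster in this thread and not copssh's own script: sshd starts an account's login shell with no arguments for an interactive login and as `shell -c "<command>"` for a remote command or an external subsystem, so a wrapper can permit SFTP by accepting only that one exact invocation. The `/bin/sftp-server` path and the function names are assumptions; the path must match the `Subsystem sftp` line in sshd_config.

```shell
#!/bin/bash
# Added example: login-shell wrapper that permits only the SFTP subsystem.
# Assumption: sshd_config contains "Subsystem sftp /bin/sftp-server".
# The path is hypothetical and must match that Subsystem line exactly.
SFTP_SERVER="${SFTP_SERVER:-/bin/sftp-server}"

# sshd invokes the account's shell in one of two ways:
#   interactive login     -> shell            (no arguments)
#   command or subsystem  -> shell -c "<command string>"
# Succeed only for exactly:  -c "$SFTP_SERVER"
sftponly_allowed() {
    [ "$#" -eq 2 ] && [ "$1" = "-c" ] && [ "$2" = "$SFTP_SERVER" ]
}

# Print "allow" or "deny" for one argument vector.
sftponly_decide() {
    if sftponly_allowed "$@"; then echo allow; else echo deny; fi
}

# What the wrapper does when installed as the login shell: refuse anything
# that is not the SFTP subsystem, otherwise start the server. The server is
# started by its fixed path, so nothing supplied by the client reaches exec.
sftponly_main() {
    if ! sftponly_allowed "$@"; then
        echo "SFTP only!" >&2
        return 1
    fi
    exec "$SFTP_SERVER"
}

# Constructed argument vectors showing the decision for each kind of session.
echo "interactive login : $(sftponly_decide)"
echo "remote command    : $(sftponly_decide -c 'ls -l')"
echo "sftp subsystem    : $(sftponly_decide -c "$SFTP_SERVER")"
echo "server plus extras: $(sftponly_decide -c "$SFTP_SERVER -d /")"

# To deploy, replace the four echo lines with:  sftponly_main "$@" || exit 1
```

Matching the whole command string, rather than testing whether any argument is present, is what keeps remote commands out while still letting the subsystem request through.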
