On Tue, Jun 04, 2002 at 09:58:55AM -0400, Jon McCain wrote:
> You can remove the sftp-server program to disable sftp but you can't
> turn off the scp commands. They are part of ssh. So someone could
> still use something like winscp and be able to browse everything.
>
> You can "break" scp by making the users shell a menu script (i.e.
> /usr/bin/yourmenu instead of /usr/bin/bash) so they can not get to a $
> prompt. You also have to define your menu script as a shell
> (/etc/shell) so regular ftp will still work.
Or you could use pam_listfile or pam_wheel in the PAM control file for
ssh to restrict ssh logins. For example, on one of my servers, I have
this line in /etc/pam.d/ssh:
auth required pam_listfile.so sense=allow onerr=fail item=user
file=/etc/loginusers
which keeps anyone not listed in /etc/loginusers from logging in.
--
William Aoki [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B <- key change \ / No HTML in mail or news!
99AF A093 29AE 0AE1 9734 prev. expired X
/ \
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
