It would be sweet if "we" could just simply set the user's shell to /usr/bin/false to prevent ssh while still allowing scp/sftp. I've got a hunch doing this involves non-trivial code changes.
That's what I was led to believe as well. My users will never be connecting anonymously as each user's data is private. As such, I ideally would use FTPD and chroot the users and use /usr/bin/false, if I could get SSL working with it. The reason for wanting to use SSL/TLS is the sensitivity of the information uploaded to these servers. The clients are already used to SSL/TLS as the existing servers are WS_FTP servers. The problem is a lack of trust in the WS product (long story), and the fact that I would much rather have OBSD hanging its neck out than win.

We need a secure and, more importantly, a stable ftp solution, without adding complexity to the customer. Changing to SFTP is a potential solution, but I don't want to have real accounts for these users. It just seems like giving the user WAY more than they need. There is NO reason for these users to ever log in except to upload to their home directory.

Also, is there much overhead with SFTP? These users are uploading literally hundreds of thousands of little files, 1-30k.

Regards,
Bob Bostwick