Access SFTP sans shell

Voir :

https://access.redhat.com/solutions/2399571

Voir également :

rssh
mysecureshell

Ou pour un acces exclusif en SFTP :

#usermod -s /usr/lib/openssh/sftp-server username
echo "/usr/lib/openssh/sftp-server" >> /etc/shells

Source : http://www.debian-administration.org/article/94/How_to_restrict_users_to_SFTP_only_instead_of_SSH

Comme bash figure dans /etc/shells, c'est ok

/usr/local/bin/sftp.sh

#! /bin/bash
/usr/lib/openssh/sftp-server -l INFO

chmod +x /usr/local/bin/sftp.sh

Tout est log dans /var/log/auth.log

/etc/passwd

test:x:1003:1003:,,,:/home/test:/usr/local/bin/sftp.sh

Notes MySecureShell

/etc/ssh/sftp_config

<Default>
        #Home                   /home/$USER     #overrite home of the user but if you want you can use
                                        #  environment variable (ie: Home /home/$USER)
        #LimitConnection         10      #max connection for the server sftp
        #LimitConnectionByUser   1       #max connection for the account
        #LimitConnectionByIP     2       #max connection by ip for the account
        LimitConnection         10      #max connection for the server sftp
        LimitConnectionByUser   5       #max connection for the account
        LimitConnectionByIP     10       #max connection by ip for the account
 
</Default>

/etc/shells

/usr/bin/mysecureshell

/etc/init.d/mysecureshell restart

usermod -s /usr/bin/mysecureshell sftpuser

# sftp-verif

Verifing file rights of /usr/bin/mysecureshell                       [ FAILED ]
Rights problems have been detected 0755 and should be 4755
Do you want to repair /usr/bin/mysecureshell file rights ? (Y/n)

Debug

Voir : /var/log/sftp-server.log