-1

I've been doing my research and found some clues as to where I should be looking, but just can't quite get it perfect.

I'm trying to create a new user and allow them to have access to SFTP for file management, but I do not want them to be able to SSH in and access the console. Nor am I trying to su the account.

I've tried changing their bash to (/bin/nologin), but then they cannot log in to SFTP. I've tried locking their account as well, but that didn't work either.

I'm on CentOS 6, and I'm just using the built-in sftp service.

Similar to probably how a small server host would set it up, allowing access to a specific directory, but not console. Just trying to protect my butt if one of my server staff tries to railroad me.

1 Answer

0

You have a couple of options here. You can specify commands that can be executed in the authorized_keys file (if you are using public/private keys).

Here is an article which talks about this method:

http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/

The second way to skin this cat is to give the user account a restricted shell. In most restricted shell setups users can only run things that exist in their home directory. You'd need to copy your /etc/ssh files and also /usr/bin/sftp to the user's home directory, but then they would only be able to execute commands you put in their home dir.

Severun
  • 144
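
A check for the first option in the answer above, added here as an example and not part of the original post: it parses an authorized_keys file and reports keys that are not pinned to a forced command or that still allow a PTY or forwarding. The sample file, key material, user names and the sftp-server path (the usual CentOS location) are constructed assumptions; `restrict` only exists in newer OpenSSH releases than the one CentOS 6 ships.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # a line starting with a key type has no options
REQUIRED_OFF = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")

def split_options(line):
    """Return (options dict, rest of line). Options end at the first unquoted space."""
    if line.startswith(KEY_PREFIXES):
        return {}, line
    fields, buf, in_quotes, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes and i + 1 < len(line):
            buf += line[i + 1]          # keep the escaped character, drop the backslash
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes   # quotes delimit a value and are not stored
        elif ch == "," and not in_quotes:
            fields.append(buf)
            buf = ""
        elif ch in " \t" and not in_quotes:
            break
        else:
            buf += ch
        i += 1
    fields.append(buf)
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        opts[name.lower()] = value      # option keywords are case-insensitive
    return opts, line[i:].strip()

def audit(text):
    """Return [(line_number, problem)] for keys that grant more than one fixed command."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        if "command" not in opts:
            findings.append((n, "no forced command"))
            continue
        # 'restrict' turns everything off unless an option such as 'pty' turns it back on
        missing = [o for o in REQUIRED_OFF
                   if not (o in opts or ("restrict" in opts and o[3:] not in opts))]
        if missing:
            findings.append((n, "still allowed: " + ", ".join(missing)))
    return findings

SAMPLE = '''\
# constructed sample; key material is a placeholder
command="/usr/libexec/openssh/sftp-server",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3PLACEHOLDER staff1@example
ssh-rsa AAAAB3PLACEHOLDER staff2@example
command="echo \\"sftp, only\\"",no-pty ssh-rsa AAAAB3PLACEHOLDER staff3@example
'''
```

Running `audit(SAMPLE)` flags line 3 (no forced command) and line 4 (forwarding still allowed); the file itself should be owned by root or otherwise not writable by the restricted user, or they can edit the options away over SFTP.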