Monday, March 18, 2013

How to restrict users to SFTP only instead of SSH


Sometimes you want to have users, that have access to files on your server, but don't want them to be able to log in and execute commands on your server. This is done quite easily. Add user as usually and assign him a password. Then run the following command (replace the 'username' with real user name):

root@host # usermod -s /usr/lib/sftp-server username

This changes user's shell to sftp-server. The last step for this to work is to add '/usr/lib/sftp-server' to /etc/shells to make it a valid shell, eg. like this:

root@host # echo '/usr/lib/stfp-server' /etc/shells

There. Now you've setup a user who can only access your server with SFTP.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)