[plug] Allow SSH but deny SFTP?

Andrew Furey andrew.furey at gmail.com
Thu Jul 20 17:04:29 AWST 2017

Hi all, long time no post...

I have a requirement for users to have full user-level SSH access (their
profile then launches a full-session application and logs out at the end;
they don't have shell access within this application so it's safe enough to
just allow as normal).

I want to restrict ability to use SFTP to trundle through the filesystem.
However I would like to still allow it for root (grand prize being other
specified users if possible too) so I can't just turn the Subsystem itself
off... can I?

I don't think I can use the internal-sftp and then chroot it (which would
probably also be sufficient) as the requirement for 755 root:root on the
home directory and above will most likely break the intended application.

Any ideas?


Linux supports the notion of a command line or a shell for the same
reason that only children read books with only pictures in them.
Language, be it English or something else, is the only tool flexible
enough to accomplish a sufficiently broad range of tasks.
                          -- Bill Garrett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20170720/af0fd60c/attachment.html>

More information about the plug mailing list