On Mon, 7 Jun 2004, Crist J. Clark wrote: > On Sun, Jun 06, 2004 at 11:38:55PM -0700, Doug Barton wrote: >> On Wed, 19 May 2004, Dan Rue wrote: >> >>> You obviously havn't tried to chroot scponly users.. _that's_ the tricky >>> part. Especially if you want it to scale up beyond a handful of users. >>> If i'm wrong - fill me in i'd love to hear how to do it. >> >> Have you considered using ~/.ssh/authorized_keys to restrict the account >> from tty access? This would allow you to do commands (like scp) without >> the risk of the user getting an actual shell. > > $ ssh host /bin/sh > > You don't need a tty to get an interactive shell. You can also enforce what commands the user can run to prevent this. Read sshd(8) for more information. Doug -- This .signature sanitized for your protection _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"