On Thu, 23 Nov 2006, Ingo Schwarze wrote: > From time to time, people come here to ask: > How can i set up an account for SFTP only, forbidding shell access? > > One common answer is scponly, http://sublimation.org/scponly/wiki/ > This looks quite powerful, in particular if you intend to chroot. > > I just had to implement SFTP only access myself. Reading the scponly > sources, i realized that the task is nearly trivial as long as you > only want SFTP, no other protocols, and need no chroot. So i thought > i might as well share with the list. In case i overlooked anything > serious, chances are i shall be beaten... ;-)
In OpenSSH-4.5: Match user djm X11Forwarding no AllowTCPForwarding no ForceCommand /usr/libexec/sftp-server -d