On Thu, 23 Nov 2006, Ingo Schwarze wrote:
> From time to time, people come here to ask:
> How can i set up an account for SFTP only, forbidding shell access?
>
> One common answer is scponly, http://sublimation.org/scponly/wiki/
> This looks quite powerful, in particular if you intend to chroot.
>
> I just had to implement SFTP only access myself. Reading the scponly
> sources, i realized that the task is nearly trivial as long as you
> only want SFTP, no other protocols, and need no chroot. So i thought
> i might as well share with the list. In case i overlooked anything
> serious, chances are i shall be beaten... ;-)
In OpenSSH-4.5:
Match user djm
X11Forwarding no
AllowTCPForwarding no
ForceCommand /usr/libexec/sftp-server
-d
