Urban Hillebrand wrote:
If using sftp with WinSCP is still an option, but you do not want users to
have SSH access, this can be achieved easily with sshd_config-settings
like:
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
Match Group sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand /usr/libexec/sftp-server
Not sure if this is fits your needs though.
I can test this too. I know this is very ridiculous, but see there is
lots of laziness I guess at play here, or total lack of understanding.
If it was employee, they would be out the door for such a laziness.
Over years of pounding, some finally use WinSCP, or Putty and that's
great. Others, just are brain dead and are just browser users and
anything not in the browser is to complicated for them. Like I had to
setup the FTP to allow them to use their stupid explorer to connect to
FTP using their browser as it was to much trouble for them to use an
ftp, or better yet an sftp client! I know.....
Then over time, even that, using FTP was to much trouble and they keep
messing things up. How, I can't explain, I really can't figure out how
they can do this, honest. I have no clue how someone can be that stupid.
Then I had to explain how to setup the "My Network Places" in Windows
for them to be able to use their Window Explorer to copy files back and
forth using their FTP underlying process supported here and that got
them to shut up for a while. The problem is that they complain as they
can't use their stupid Word for example to edit a file remotely on the
server because it doesn't map to a drive letter in Windows and as such
for example, they can't do "save as".
See how stupid this is!
So, in the end is they sure want all the security, but no difference for
them and they sure are not welling to learn anything new as they have
done the same things for years and can't accept why it would need to be
different.
Then I look at setting up a tunnel between the various office and the
remote servers, but then, I hit the wall with the IT internal department
here.
I am just stuck with this kind of stupidity and try to find all kind of
different solutions that might shut them off for good and each time I
thought I was closer to that, but then not.
And obviously did I say they don't want to pay for special software, or
add network stuff in the process.
The sad part is that's the biggest client and the less savvy if you want
and sure hell the one that give me the most trouble.
So, that's why I am looking for may be some kind of miracle I guess. I
have tried so many different things and always kit the wall with
different department here that are just set in their ways so bad for
years and just don't evolve, however wants security, but no inconvenient
or changes what so ever. Sound familiar???
I was even going to install servers on site local to them and then just
rsync them, but then, they don't want the delay here and the IT is
oppose to have server internally that is control by outside people. Kind
of a catch 22 if you asked me.
But I keep trying to find ideas that might finally work for them,
however, I have to admit, I am not successful yet.
Best,
Daniel