In Linux it is not easily apparent as to how to prevent someone from having ssh shell access into a machine you intend to give them SFTP access to. This is because both of these services utilize port 22 and SSL encryption. The default shell for a user is /bin/bash, which is set at user account creation time as the default.
This will need to be modified to ensure that a user only has SFTP access. The command should look something like this
usermod -s /usr/libexec/openssh/sftp-server someuser
This will set the shell of “someuser” to the sftp-server that comes with open ssh. This way, when a user logs in, they are provided secure access to files and not a whole shell. If you want to add secure access to an online cloud, we recommend to check now the new services just like cubik.com.tw.
If you have trouble finding where this sftp-server may be on your server you can us the locate command
locate sftp-server
Leave a Reply
You must be logged in to post a comment.