In Linux it is not obvious how to prevent someone from getting SSH shell access to a machine you only intend to give them SFTP access to. This is because both services use port 22 and the same SSH encryption. By default, a user's shell is set to /bin/bash at account creation time.
This needs to be changed to ensure that the user only has SFTP access. The command should look something like this:
usermod -s /usr/libexec/openssh/sftp-server someuser
This will set the shell of “someuser” to the sftp-server that comes with OpenSSH. This way, when the user logs in, they are given secure access to files and not a whole shell.
If you have trouble finding where sftp-server is on your server, you can use the locate command:
locate sftp-server
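A check to confirm the change took effect, as an added example that is not part of the original post: it reads passwd-format data and reports which accounts have the sftp-server shell and which still get an interactive one. The sample entries other than someuser, the UID >= 1000 cut-off and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit login shells to see who is restricted to sftp-server.
# Override SFTP_SHELL if `locate sftp-server` shows a different path.
SFTP_SHELL="${SFTP_SHELL:-/usr/libexec/openssh/sftp-server}"

# Constructed sample in /etc/passwd format (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
someuser:x:1001:1001::/home/someuser:/usr/libexec/openssh/sftp-server
alice:x:1002:1002::/home/alice:/bin/bash
bob:x:1003:1003::/home/bob:
EOF
}

# shell_of USER [FILE]: print the login shell (7th field); fail if no such user.
shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# audit_user USER [FILE]: print sftp-only, shell-access or missing.
audit_user() {
    sh_path=$(shell_of "$1" "${2:-/etc/passwd}") || { echo "missing"; return 0; }
    case "$sh_path" in
        "$SFTP_SHELL") echo "sftp-only" ;;
        # Anything else counts as shell access, including an empty field,
        # which passwd(5) defines as defaulting to /bin/sh.
        *) echo "shell-access" ;;
    esac
}

# audit_report [FILE]: one "user<TAB>status" line per regular account.
# Assumption: regular accounts start at UID 1000.
audit_report() {
    file="${1:-/etc/passwd}"
    awk -F: '$3 >= 1000 { print $1 }' "$file" | while read -r user; do
        printf '%s\t%s\n' "$user" "$(audit_user "$user" "$file")"
    done
}

# Demo on the constructed sample; use `audit_report` alone for /etc/passwd.
tmp=$(mktemp) && sample_passwd > "$tmp" && audit_report "$tmp"
rm -f "$tmp"
```

Any account reported as shell-access can still open an interactive session over SSH and needs the usermod command shown above.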