You are not logged in.
I need to create a "restricted" user account that people can use for FTP, but cant be used to SSH into the server.
i am using the latest version of openSSH
Offline
I don't understand.
Do you want restrict user for a SFTP use? For this use rssh program.
Offline
i want people to be able to use the account to login throught FTP but not let them login through SSH
Offline
modify according line from /etc/passwd from /bin/bash to /bin/false or /sbin/nologin
or
you can configure sshd to permit/deny only specific users or groups. man sshd_config
AllowGroups
This keyword can be followed by a list of group name patterns,
separated by spaces. If specified, login is allowed only for
users whose primary group or supplementary group list matches
one of the patterns. Only group names are valid; a numerical
group ID is not recognized. By default, login is allowed for
all groups. The allow/deny directives are processed in the fol‐
lowing order: DenyUsers, AllowUsers, DenyGroups, and finally
AllowGroups.
AllowUsers
This keyword can be followed by a list of user name patterns,
separated by spaces. If specified, login is allowed only for
user names that match one of the patterns. Only user names are
valid; a numerical user ID is not recognized. By default, login
is allowed for all users. If the pattern takes the form
USER@HOST then USER and HOST are separately checked, restricting
logins to particular users from particular hosts. The
allow/deny directives are processed in the following order:
DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
Last edited by wonder (2008-12-27 12:12:47)
Give what you have. To someone, it may be better than you dare to think.
Offline
i want people to be able to use the account to login throught FTP but not let them login through SSH
I'm not realy sure that i understand you in the right way but you can use "AllowGroups" and/or "AllowUsers" in the sshd_config to control which users can login via ssh.
Offline
i will be using the server as an FTP server at a lan party, it already has a few accounts for the web hosting on it, aswell as accounts for people using it as FTP storage, so it already has all the security i want, so the user was already limited, and the files on the ftp server where going to be read only by that user, but at the lan party some people would have found it funny to login through ssh and "passwd" or "rm -R patches/" so just removing ssh access for the only user they will know the password to was the easiest way to go.
"DenyUser lan" in /etc/ssh/sshd_config has worked fine for what i want
Offline