How to restrict users to SFTP only instead of SSH
Sometimes you want to have users, that have access to files on your server, but don’t want them to be able to log in and execute commands on your server.
This is done quite easily.
Add user as usually and assign him a password. Then run the following command (replace the ‘username’ with real user name):
root@host # usermod -s /usr/lib/sftp-server username
This changes user’s shell to sftp-server.
The last step for this to work is to add ‘/usr/lib/sftp-server‘ to /etc/shells to make it a valid shell, eg. like this:
root@host # echo '/usr/lib/stfp-server' >> /etc/shells
There. Now you’ve setup a user who can only access your server with SFTP.
Not working, It gives access denied also to SCP, SFTP and SSH
:(
This is an old post. I suggest you search for the chroot sftp option in newer sshd versions. I have configured this on a per user match almost like this post http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
Hope this is what you are looking for.
thanx, but no ,, actually i m trying to to permit scp and sftp but denying ssh login.
I ve tried with:
rssh shell followning this http://centoshelp.org/security/restrict-user-account-to-cvs-scp-sftp-rsync-only-with-centos/
but finally accomplished to copy files with linux client using sftp and scp (ssh now is access deny to user), but !!!!! when i ma trying to do the same using WinSCP (for windows) sftp is working fine and scp outputs an error saying:
—————————
Connection has been unexpectedly closed. Server sent command exit status 0.
—————————
Error skipping startup message. Your shell is probably incompatible with the application (BASH is recommended).
…. so i m still working on this.