Restrict SSH to file transfers only [duplicate]

Since they're logging in by using public keys, you can simply set that key to not allow any PTY. Here's an example of a fairly closed-down key:

from="their.workstation.only.domain.com",no-pty,no-port-forwarding ssh-dss AAA....

This will only allow connections from one computer and will disallow both PTY and port forwarding. All such options should come before the actual key starts and be separated by commas.

There's a list of all possible options in the section AUTHORIZED_KEYS FILE FORMAT in the man page for sshd.
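An added example, not part of the answer above: a small auditor that parses the options field of an `authorized_keys` line (quoted values may contain commas and spaces) and reports which restrictions are missing. Beyond the options shown in the answer, it also looks for `restrict`, `pty`, `port-forwarding` and `command=` from the same man page section; the sample lines, the `AAAA_PLACEHOLDER` key material and the function names are constructed for illustration.

```python
import re

# Key-type tokens that mark the start of the key when no options are present.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys line."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line                      # line starts with the key itself
    opts, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 1        # escaped quote inside a value
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(buf)
            buf = ""
        elif ch.isspace() and not quoted:
            break                            # unquoted space ends the options
        else:
            buf += ch
        i += 1
    opts.append(buf)
    parsed = {}
    for opt in opts:
        name, _, value = opt.partition("=")
        parsed[name.lower()] = value         # option keywords are case-insensitive
    return parsed, line[i:].strip()

def audit(line):
    """List the restrictions a key line is missing."""
    opts, _ = split_options(line)
    locked = "restrict" in opts              # restrict turns off pty, forwarding, etc.
    findings = []
    if "from" not in opts:
        findings.append("no from= source restriction")
    if "pty" in opts or not (locked or "no-pty" in opts):
        findings.append("PTY allocation allowed")
    if "port-forwarding" in opts or not (locked or "no-port-forwarding" in opts):
        findings.append("port forwarding allowed")
    if "command" not in opts:
        findings.append("no forced command; commands can still run without a PTY")
    return findings

# Constructed sample lines; AAAA_PLACEHOLDER stands in for real key material.
SAMPLES = [
    'from="their.workstation.only.domain.com",no-pty,no-port-forwarding ssh-dss AAAA_PLACEHOLDER',
    'ssh-ed25519 AAAA_PLACEHOLDER user@laptop',
    'restrict,from="192.0.2.10",command="internal-sftp" ssh-ed25519 AAAA_PLACEHOLDER backup',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:45], "->", audit(sample) or "ok")
```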


I think rssh is the obvious choice.

rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.