Limiting SSH to SFTP only?

ssh sftp authorized-keys

I use SSH keys to allow passwordless logons to my box. I want to limit them to SFTP only.

I have the following in my authorized_keys file which appears to work:

command="internal-sftp" ssh-rsa ...

I can't seem to find a way around it...but I am no genius...am I actually secure?


I think the proper way to configure this would be to add ForceCommand internal-sftp to the specific user section on sshd_config

Subsystem sftp internal-sftp

Match User MyUser
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    ForceCommand internal-sftp
    ChrootDirectory /home/MyUser

not really. One can just download the authorized_keys file, edit it removing the command="internal-sftp" part and upload it on top of yours and then ssh into the box.

Related

How do I identify my CPU model?
how do I average the lowest 3 of the final 6 numbers in a row of 22? Some cells may be blank
Extracting uncommon components from Windows installed on SSD
OpenVPN client with two interfaces
In between multiple tabs, how to use Vimperator to open a tab right after the current one
Create HFS+ Partition on Existing NTFS Drive
Calculate the number of days per year between two different dates Excel [closed]
Copy files over SSH without using SCP?
Where did 100GB go?
Putting code into registry command key
primary and secondary boot loaders
Prevent boot from recovery partition