Solaris 10 sftp problem



Greetings:

   This problem may occur with older versions of Solaris, but I noticed it
under Solaris 10.  It appears that unless a user has a shell that allows
interactive logins, he cannot connect to a machine using sftp.  We have a
Solaris host that we normally assign a login shell of /bin/date so that the
user cannot log in interactively.  But when that user tries to use sftp from
another host, he gets this message: "Couldn't read packet: Bad file number".
If I assign him a shell that can log in interactively, it works.  Can someone
suggest a workaround?  I would like for students to be able to use sftp, but
I do not want to allow interactive logins.  Thanks...

Jim McCullars

Reply jim 4/13/2006 8:59:56 PM

On 13 Apr 2006 15:59:56 -0500 in <e1me4c$qf8$1@info2.uah.edu>,
Jim McCullars said something similar to:
>     This problem may occur with older versions of Solaris, but I noticed it
>  under Solaris 10.  It appears that unless a user has a shell that allows
>  interactive logins, he cannot connect to a machine using sftp.  We have a
>  Solaris host that we normally assign a login shell of /bin/date so that the
>  user cannot log in interactively.  But when that user tries to use sftp from
>  another host, he gets this message: "Couldn't read packet: Bad file number".
>  If I assign him a shell that can log in interactively, it works.  Can someone
>  suggest a workaround?  I would like for students to be able to use sftp, but
>  I do not want to allow interactive logins.  Thanks...

The ssh server is invoking the sftp-server program through the user's shell,
e.g.:  '/bin/sh -c /usr/lib/ssh/sftp-server' for a user with /bin/sh as his
login shell.  So in order to restrict the account to sftp only, you need
to set the user's shell to a program which will handle -c /path/to/sftp-server
properly, but simply exit if invoked with any other arguments or no arguments
at all.

Reply Mike 4/13/2006 10:34:18 PM
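
A minimal sketch of the kind of restricted login shell described in the reply above, added here as an example and not taken from either poster. The script name `sftponly` and the function names are hypothetical, and it assumes sshd passes exactly `-c /usr/lib/ssh/sftp-server` (the path quoted in the reply) with no extra arguments.

```shell
#!/bin/sh
# Added example: sftp-only login shell (hypothetical name: sftponly).
# Assumption: sshd's sftp subsystem command is exactly the path below,
# as quoted in the reply; adjust if sshd_config names a different path.
SFTP_SERVER=/usr/lib/ssh/sftp-server

# Return 0 only for the exact argument vector sshd uses for sftp:
#   -c /usr/lib/ssh/sftp-server
# Anything else is refused: no arguments (interactive login), "-c ls",
# extra arguments, or text appended to the path.
sftponly_allowed() {
    [ "$#" -eq 2 ] || return 1
    [ "$1" = "-c" ] || return 1
    [ "$2" = "$SFTP_SERVER" ] || return 1
    return 0
}

sftponly_main() {
    if sftponly_allowed "$@"; then
        # exec a fixed absolute path; the client-supplied string is only
        # compared against it and is never evaluated by a shell.
        exec "$SFTP_SERVER"
    fi
    echo "This account is restricted to sftp." >&2
    exit 1
}

# Run only when installed as .../sftponly, so the file can also be
# sourced to exercise sftponly_allowed on its own.
case "$0" in
    */sftponly) sftponly_main "$@" ;;
esac
```

Because the requested command is matched as a whole string, a remote command such as `ssh host '/usr/lib/ssh/sftp-server; /bin/sh'` is rejected the same way an interactive login is.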


Mike Delaney (mdelan@computer.org) wrote:

: The ssh server is invoking the sftp-server program through the user's shell,
: e.g.:  '/bin/sh -c /usr/lib/ssh/sftp-server' for a user with /bin/sh as his

   Ah, didn't realize that's how sftp works.  Thanks for the heads-up.

Jim McCullars

Reply jim 4/17/2006 9:11:40 PM
