Hello List. i’m trying to setup a limited SSH server with SFTP. The requirements: - There are users to whom only SFTP should be available. (sftp-only group) - There are users to whom SFTP and shell access should be available (admin group) - SFTP clients have to authenticate with username and password - shell users have to authenticate with private key. I put Into the sshd_config global section: PasswordAuthentication no and the end of the sshd_config: Subsystem sftp internal-sftp Match Group admin AllowTCPForwarding yes X11Forwarding yes ForceCommand bash Match Group sftp-only PasswordAuthentication yes AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp This config works well for SFTP users … but if a user is a member of both group, the SFTP client fails to connect. Obviously because of the ForceCommand. Is there a way to achieve the requirements above? Is there a way to create rules according to connection type? I mean … is there any difference within the connection/authentication between eg. PuTTy and FileZilla? Thank you, Csaba
<<attachment: winmail.dat>>
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev