rksh is available on AIX 5.x, and it works fine with ssh and scp, however it does not allow you to cd (including subdirectories) and doe not allow you to run a command with a leading "/", so you can not spawn the sftp process. -----Original Message----- From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Jeremy C. Reed Sent: Tuesday, November 20, 2007 11:03 AM To: Rob Sherry Cc: secureshell@xxxxxxxxxxxxxxxxx; secureshell-return-9680@xxxxxxxxxxxxxxxxx Subject: Re: Restricted (ksh -r) shell and SSH on AIX5.1 > Set user's shell to /usr/bin/ksh -r) > > Now, every time he tries to log in via either ssh *or* sftp, I get the > following showing up in the syslog: > > Nov 19 10:21:09 hostname sshd[811106]: User bogus not allowed because > shell /usr/bin/ksh -r is not executable It is literally with a space and -r. You don't use command line arguments in the passwd(5) file. > Anyone have any ideas? Am I missing something stupidly simple? (and > yes, /usr/bin/ksh *is* executable) ls -l "/usr/bin/ksh -r" Maybe you can make a script rksh that runs ksh -r. Some systems already have a rksh for restricted ksh. (Check if you already have rksh.)