by effie 1018 days ago
Thank you, this seems to prevent the client from getting a shell on the server, while allowing it to make SSHFS mounts. I've put /usr/sbin/nologin into the client's row in /etc/passwd on the server as well (/dev/null would break everything including SSHFS).

Is there some way to specify that nothing except internal-sftp is allowed, as opposed to setting each option explicitly to "no"? The latter way seems error-prone; one is bound to miss some obscure option there.

And I wonder why you suggest using the LOCAL6 log facility? In sftp-server, the default is AUTH...