Restrict users to sftp/scp only, no interactive shell
I have a web server that I allow people to access via ftp. I'd like to allow people to sftp/scp in as well, but I do not want to give them interactive shell access via ssh. RSSH to the rescue! Once installed just set the user's shell to /usr/bin/rssh and put them in the rsshusers group.
- yum install rssh
- Add /usr/bin/rssh to /etc/shells
- Edit /etc/rssh.conf and uncomment allowscp and allowsftp
- usermod -G rsshusers -s /usr/bin/rssh whatever_username