Deny SSH access while allowing SFTP access

Nov 23, '07 07:30:00AM

Contributed by: Anonymous

I was finally able to figure out how to disable SSH access to a user account, but still allow SFTP to occur. Edit /etc/sshd_config, and add this section:

Match User sftponly
        AllowTcpForwarding no
        X11Forwarding no
        ForceCommand /usr/libexec/sftp-server -l INFO 
Replace sftponly with your short user name, then save the file and quit the editor.

[robg adds: You'll probably have to restart Remote Login in the Sharing panel to make these changes take effect, but I'm not sure of that, as I haven't tested this hint. It's categorized as an OS X Server hint, but I have no reason to think it wouldn't work in Client as well.]

Comments (4)


Mac OS X Hints
http://hints.macworld.com/article.php?story=2007110914083783