On Thursday 11 January 2007 20:15, Michel Messerschmidt wrote: > On Thu, Jan 11, 2007 at 06:55:33PM +0100, Adrian von Bidder wrote: > > Anybody has an idea if and how this is possible? The obvious but ugly > > solution would be to run a second sshd on a different port, but I'd > > rather avoid that. > > If I understand this correctly, it's not a matter of public key or > password authentication but rather to give shell access to only one > user. Wrong. I have users a, b, c, d, e. All users except e can have shell access, but beecause shell access is powerful, must not be able to log in with password, but only with public key. User e is allowed to log in with password and is restricted by rssh to only use scp, sftp or rsync so that even if that password is stolen/guessed, the attacker can at most deface the hosted web site in e's directory. Judging from the replies I've received so far I'll just end up running a 2nd sshd on port 2222 or wherever. cheers -- vbi -- Protect your privacy - encrypt your email: http://fortytwo.ch/gpg/intro
Attachment:
pgpqfUv8QQTFh.pgp
Description: PGP signature