Is ssh not safe?
Jorge Fábregas
fabregasj at prtc.net
Sat Jul 24 19:24:31 UTC 2004
On Saturday 24 July 2004 1:37 pm, Michael Sullivan wrote:
> Or is there a safer way to allow them to change
> their passwords?
Hi,
It seems that the main reason for your users to contact your server is for
uploading/retrieving files right? They don't need shell access at all. You
could change their shell on /etc/passwd (the last argument on each line) to
/bin/false ...therefore they can only use SFTP which works fine if you're
using a SSH Daemon. There are many sftp clients for Windows: FileZilla,
CuteFTP etc.
Hah? But how are they going to change their password? Without shell access I
think there's no easy way...so forger about /bin/false. I would edit
their .bashrc and place at the end two lines:
passwd
exit
This way, as soon as they enter your server (with a ssh client) they will
receive the passwd prompt..as soon as they change their password they're
kicked out. There may be some security issues here but...it is much better
than letting them inside your server. (On the .bashrc example..I did on my
machine with another user...When I got the passwd prompt..I tried to do
CTRL-C to see if I could get shell access...but I couldn't).
HTH,
Jorge
More information about the fedora-list
mailing list