12-21-2006, 05:19 PM
Alun Jones
Re: What is the difference between ftp encryption types SSL, TLS, SFTP and SSH ?

"Richard E. Silverman" <res@qoxp.net> wrote in message
news:m2zm9iq7dy.fsf@darwin.oankali.net...
>>>>>> "AJ" == Alun Jones <alun@texis.invalid> writes:

>
> AJ> SSH stands for "Secure SHell" - as such, it establishes a secured
> AJ> connection for a logon shell. Unless your FTP users are
> AJ> significantly trusted, you don't want them running commands on
> AJ> your system, so you won't want them connecting to SSH. Same for
> AJ> SFTP, which is simply a file transfer mechanism added on top of
> AJ> SSH (i.e. you need SSH in order to implement SFTP - so SFTP users
> AJ> are SSH users and can log on and issue commands)
>
> This is not necessarily true. sftp uses an SSH subsystem to start the
> sftp server. Some SSH servers allow you to specify that certain users may
> only initiate subsystems and not exec or shell channels. Even in those
> that don't, you can make the account shell something which will only run
> sftp-server.


Thanks for the correction.

I'm still inclined to suggest that if you don't want to provide shell
access, it's more secure to rely on software that doesn't have shell access
as a feature, than to rely on one that can be configured not to provide it.

Alun.
~~~~
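
The quoted reply describes limiting an account to the sftp subsystem, and the answer above turns on whether that configuration is actually in place. The Python below is an added example, not part of either poster's message: it assumes OpenSSH's sshd_config syntax (Match, ForceCommand internal-sftp, AllowTcpForwarding, X11Forwarding, PermitTTY) and reports which Match blocks are restricted to file transfer. The sample configuration, group names and chroot path are constructed.

```python
# Added example: audit OpenSSH-style sshd_config text for SFTP-only Match blocks.
# SAMPLE_CONFIG is constructed; group names and the chroot path are hypothetical.
SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp
X11Forwarding yes

Match Group sftponly
    ForceCommand internal-sftp
    ChrootDirectory /srv/sftp/%u
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no

Match Group partners
    ForceCommand internal-sftp
"""

# OpenSSH defaults for the directives checked here, used when nothing sets them.
DEFAULTS = {"allowtcpforwarding": "yes", "x11forwarding": "no", "permittty": "yes"}

def parse(text):
    """Split config into global settings and per-Match settings (keys lowercased)."""
    global_cfg, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            current = blocks.setdefault(value, {})
        else:
            # sshd keeps the first value it reads for a keyword in a given section
            (global_cfg if current is None else current).setdefault(key, value)
    return global_cfg, blocks

def audit(text):
    """Return {match criteria: [findings]}; an empty list means file transfer only."""
    global_cfg, blocks = parse(text)
    report = {}
    for criteria, cfg in blocks.items():
        effective = {**DEFAULTS, **global_cfg, **cfg}  # Match settings override global
        findings = []
        if effective.get("forcecommand", "").split(" ")[0] != "internal-sftp":
            findings.append("ForceCommand internal-sftp not set: shell and exec requests are not overridden")
        for key in DEFAULTS:
            if effective[key].lower() != "no":
                findings.append(f"{key} is {effective[key]}")
        report[criteria] = findings
    return report
```

Calling `audit(SAMPLE_CONFIG)` returns an empty list for `Group sftponly`, while `Group partners` forces internal-sftp but still inherits forwarding and TTY settings from the global section and the defaults.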


