Debian – How to change SFTP password without allowing SSH login

debian, password-management, sftp, ssh

I am running a Debian server as SFTP data storage for multiple users. I didn't allow users to log in via SSH. Is there any way for users to change their password? Mostly they are using the WinSCP client.

I have tried to expire their passwords but WinSCP didn't prompt them to change it.

Any ideas?

Best Answer

Well… SFTP is a file transfer protocol and does not support any user management (password change), so in short, it is not possible in SFTP.

The only possibility is to allow SSH access only in order to change the password (e.g. use ForceCommand with a proxy selecting between sftp-server and the passwd command), such as:

#!/bin/sh
# Script: /usr/local/bin/wrapper.sh 

case "$SSH_ORIGINAL_COMMAND" in
    "/path/to/sftp-server")
        /path/to/sftp-server
        ;;
    "passwd")
        passwd
        ;;
    *)
        echo "Sorry. Only passwd to change password or sftp is allowed"
        exit 1
        ;;
esac
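
The sshd_config side of the wrapper approach above, as an added example that is not part of the original answer. The group name `sftponly` is an assumption, and `/path/to/sftp-server` is the same placeholder the wrapper uses.

```conf
# /etc/ssh/sshd_config (fragment, added example)

# The wrapper compares SSH_ORIGINAL_COMMAND against this exact string,
# so the path here and the path in wrapper.sh must be identical.
Subsystem sftp /path/to/sftp-server

# "sftponly" is an assumed group holding the storage-only accounts.
Match Group sftponly
    # Every session (shell, exec, or sftp subsystem) runs the wrapper;
    # what the client asked for is only visible in SSH_ORIGINAL_COMMAND.
    ForceCommand /usr/local/bin/wrapper.sh

    # The accounts get an SSH channel again, so close the side doors
    # that a plain SFTP-only setup never exposed.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    # Skip ~/.ssh/rc, which would otherwise run before the forced command
    # and can be uploaded over SFTP by the user.
    PermitUserRC no

    # Left enabled so passwd can prompt when the client requests a terminal.
    PermitTTY yes
```

Check the file with `sshd -t` before reloading the service. A user then changes the password with `ssh -t user@host passwd`, while WinSCP sessions continue to reach sftp-server through the wrapper.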