Centrify in an AD environment to allow users sftp access but not allow those users ssh access?
2 weeks ago
Apart from the root user (or any others specifically listed), is there a way in a Centrify/AD environment to allow users sftp access but not allow those users ssh access?
a week ago
Welcome to the Centrify community!
Please see the following test I have:
On the Windows / Access manager console side:
1) Create a group whose members you want to grant sftp-only permission
2) You could grant the sftp role at either the zone or the machine level. Grant the predefined "sftp" role to the group just created.
3) Add the sftp user as a member of the new group
On the sftp server side:
1) On the server, update the /etc/centrifydc/ssh/sshd_config file:
Subsystem sftp /usr/share/centrifydc/libexec/sftp-server
#Subsystem sftp internal-sftp
#Subsystem sftp /usr/share/centrifydc/libexec/sftp-server
Subsystem sftp internal-sftp
2) Restart the Centrify sshd service
Now test that a member of the sftp group can only sftp to the server but is not able to log in.
Hope it helps. Thank you!
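A pre-restart check for the sshd_config edit in the answer above, as an added example that is not the poster's or Centrify's code. It assumes the intended end state is the second pair of quoted lines (internal-sftp active, the Centrify sftp-server line commented out); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which "Subsystem sftp" directive is active in an sshd_config.

# Print the command of every active (uncommented) "Subsystem sftp" line.
active_sftp_subsystems() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" {
             $1 = ""; $2 = ""; sub(/^[ \t]+/, ""); print
         }' "$1"
}

# 0: exactly one active line and it is internal-sftp
# 1: exactly one active line, but a different command
# 2: no active line, or more than one (effective setting is ambiguous)
check_sftp_subsystem() {
    active=$(active_sftp_subsystems "$1")
    count=$(printf '%s\n' "$active" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || return 2
    [ "$active" = "internal-sftp" ] || return 1
    return 0
}

# Constructed sample files built from the four lines quoted in the answer.
write_samples() {
    printf '%s\n' \
        'Subsystem sftp /usr/share/centrifydc/libexec/sftp-server' \
        '#Subsystem sftp internal-sftp' > "$1/before.conf"
    printf '%s\n' \
        '#Subsystem sftp /usr/share/centrifydc/libexec/sftp-server' \
        'Subsystem sftp internal-sftp' > "$1/after.conf"
    # All four lines pasted as-is: two active directives.
    cat "$1/before.conf" "$1/after.conf" > "$1/pasted.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in before after pasted; do
    rc=0
    check_sftp_subsystem "$tmp/$f.conf" || rc=$?
    echo "$f.conf: status $rc"
done
rm -rf "$tmp"
```

On a real server, point check_sftp_subsystem at /etc/centrifydc/ssh/sshd_config before restarting the service; any status other than 0 means the file does not match the assumed end state.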