No shell for SFTP?

The SCP/SFTP information page states following for SFTP:
"Unlike SCP, for connection with SSH server, you do not need access to shell. "

How do I make this possible? I tried with different settings on a linux server but I cannot login without a shell configured for the user. Can somebody help me with this, or explain what is meant with the above statement?

By the sentence abouve, I have rather meant, that WinSCP does not require the shell itself. Wrong wording, I'm sorry. It is platform dependent, whether user needs to have shell access to run sftp-server. At least OpenSSH requires shell access for this. But the only thing that the shell do is that it launches sftp-server binary. So you may setup restricted shell, which allows only this. You may also setup forced command associated with private key. This page (<invalid hyperlink removed by admin>) may also help you.

Thanks, my researches pointed in this direction.

There are two existing good solutions as I see it. Using the rssh shell or scponly shell. Both shells enables scp and sftp only. Rssh seems more secure, but does not allow Winscp to connect in scp mode, only in sftp. The good thing with scponly, they have a nice jail script for chroot.

We have currently a server with scponly installed and it seems running fine. The sftp feature in Winscp is very welcome! Thanks.

Links:
http://www.pizzashack.org/rssh/
<invalid hyperlink removed by admin>

I know this is an old thread, but I have the same issue and could do with some clarification...

I have used rssh to allow only SCP and SFTP to a server. SFTP weorks fine, as does SCP from a linux box, but using winSCP it fails, with the server logs showing winSCP tried to open a shell and failed.

Any idea what the problem is? Shouldn't SCP work without a shall, as it does from Linux?

dbrb2 wrote:

I know this is an old thread, but I have the same issue and could do with some clarification...

I have used rssh to allow only SCP and SFTP to a server. SFTP weorks fine, as does SCP from a linux box, but using winSCP it fails, with the server logs showing winSCP tried to open a shell and failed.

Any idea what the problem is? Shouldn't SCP work without a shall, as it does from Linux?

Please read documentation:
https://winscp.net/eng/docs/requirements#scp

If that does not help, come back.

Thanks - I had seen that - so the issue is that whilst a shell is not required for an SCP transfer, winSCP requires it because it tries to give a directory listing (which a command line transfer from linux does not) - which it can't do unless a shell is available?

I don't suppose there is any way to configure winSCP to live with file transfer only, in situations where a shell is unavailable?

Thanks - I had seen that - so the issue is that whilst a shell is not required for an SCP transfer, winSCP requires it because it tries to give a directory listing (which a command line transfer from linux does not) - which it can't do unless a shell is available?

Correct.

I don't suppose there is any way to configure winSCP to live with file transfer only, in situations where a shell is unavailable?

What's a point of using GUI SFTP client, if you cannot see the files you work with? How would that even work?