[C.J. Moof]

I'm fortunate enough to have an Xserve as my company file server. Since I'd like to open it up to access from the WAN, I'd prefer server connections to be done over SSH instead of AFP.

I'd rather not give command line access to my user's accounts, just because they don't need it, and it's one more place a hacker could hack at to have their fun. However, if I disable their shells, they can't mount the file server over SSH.

Is there a way I can allow SSH exclusively for file access from the Finder, and not as an interactive shell? Jag seems to have been going through the motions when asking for a SSH connection- if refused, it fell back to AFP silently. Panther just up and says login refused. On the server console it explains "user not allowed because shell dev/null is not executable".

[Rainy Day]

Is there a way I can allow SSH exclusively for file access from the Finder, and not as an interactive shell?

It is possible to limit ssh to certain commands (or to block certain commands, however this is less secure). man ssh_config has some info, although it doesn't seem to get into the nitty gritty of it. I suggest Googling around a bit. Also, some books on ssh talk about how to go about this, and raise some security concerns you might not have thought about.