Syn *nix forums addict
Joined: 16 Mar 2005
Posts: 55
Posted: Fri Jul 14, 2006 9:25 am
Post subject: Allow user to SCP but not to SSH
Hello,
I would like to create a user account where the user can transfer files
using scp but he shouldn't be allowed to log in using SSH or run any
other commands. I've found this in the SnailBook FAQ:
http://www.snailbook.com/faq/restricted-scp.auto.html
But unfortunately there are no examples of how to achieve this. It only
mentions: "The simplest way to do this is to make the target account
special-purpose, by giving it a shell which only allows running the
file-transfer server."
Does anyone know how I can achieve this?
Many thanks
Regards
Newbie *nix forums beginner
Joined: 09 Jan 2006
Posts: 5
Posted: Fri Jul 14, 2006 9:33 am
Post subject: Re: Allow user to SCP but not to SSH
syn_NOSPAM_uw wrote:
> Hello,
> I would like to create a user account where the user can transfer files
> using scp but he shouldn't be allowed to log in using SSH or run any
> other commands.

http://www.sublimation.org/scponly/
--
Hi, I'm a .signature virus! Copy me to your .signature file and
help me propagate, thanks!
the other guy *nix forums beginner
Joined: 13 May 2005
Posts: 23
Posted: Fri Jul 14, 2006 10:01 am
Post subject: Re: Allow user to SCP but not to SSH
syn_NOSPAM_uw <syn_NOSPAM_uw@hotmail.com> wrote:
> Hello,
> I would like to create a user account where the user can transfer files
> using scp but he shouldn't be allowed to log in using SSH or run any
> other commands. I've found this in the SnailBook FAQ:
> http://www.snailbook.com/faq/restricted-scp.auto.html
> But unfortunately there are no examples of how to achieve this. It only
> mentions: "The simplest way to do this is to make the target account
> special-purpose, by giving it a shell which only allows running the
> file-transfer server."
> Does anyone know how I can achieve this?

Put this in their authorized_keys file before the actual key:
    no-pty,
This will grant the user no interactive shell. It won't prevent him from doing, for instance,
    ssh host ls -l
To prevent the file from being overwritten you can flag it system immutable (schg)
with chflags.
Peter
--
http://www.boosten.org
Mail: peter at boosten dot org
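
A forced command on the same authorized_keys line closes the gap noted above, where no-pty alone still lets `ssh host ls -l` run. The script below is an added example, not code from any poster in this thread; the script name and install path `scp-only`, the function name `scp_request_ok` and the key line are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed install path: /usr/local/bin/scp-only
# authorized_keys line (key material is a placeholder):
#   command="/usr/local/bin/scp-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA...PLACEHOLDER user@client
LC_ALL=C; export LC_ALL

# Return 0 only if $1 (what sshd passes in SSH_ORIGINAL_COMMAND) is the
# server side of a legacy scp transfer: "scp [-r|-p|-d|-v]... -t|-f <path>".
scp_request_ok() {
    set -f; set -- $1; set +f        # split on whitespace, globbing disabled
    for word in "$@"; do
        case $word in
            # Whitelist per word: rejects ; | & $ ` quotes and glob characters.
            *[!A-Za-z0-9._/-]*) return 1 ;;
        esac
    done
    [ "${1-}" = scp ] || return 1
    shift
    mode=
    while [ $# -gt 1 ]; do           # every word before the last is an option
        case $1 in
            -t|-f) mode=$1 ;;        # -t = receive (upload), -f = send (download)
            -r|-p|-d|-v) ;;
            *) return 1 ;;           # anything else (e.g. -S program) is refused
        esac
        shift
    done
    [ -n "$mode" ] || return 1       # must be server mode
    case ${1-} in
        ''|-*) return 1 ;;           # last word must be a path, not an option
    esac
    return 0
}

# Act as the forced command only when run under the assumed script name.
if [ "${0##*/}" = scp-only ]; then
    if scp_request_ok "${SSH_ORIGINAL_COMMAND-}"; then
        exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose: validated above
    fi
    logger -t scp-only -p auth.warning "refused: ${SSH_ORIGINAL_COMMAND-<interactive login>}"
    exit 1
fi
```

The wrapper limits which command the key can run, not which paths the account can read or write. OpenSSH 9.0 and later scp clients default to the SFTP protocol and send this legacy command line only with `scp -O`.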
Syn *nix forums addict
Joined: 16 Mar 2005
Posts: 55
Posted: Fri Jul 14, 2006 11:10 am
Post subject: Re: Allow user to SCP but not to SSH
Newbie wrote:
> http://www.sublimation.org/scponly/

Wow this is a great tool, many thanks!
Do you maybe know how I can log the transferred files with scponly?
Currently I only see a login attempt being logged, nothing else.
Regards
Tim Judd *nix forums beginner
Joined: 06 Jun 2006
Posts: 19
Posted: Tue Jul 18, 2006 3:05 am
Post subject: Re: Allow user to SCP but not to SSH
syn_NOSPAM_uw wrote:
> Hello,
> I would like to create a user account where the user can transfer files
> using scp but he shouldn't be allowed to log in using SSH or run any
> other commands. I've found this in the SnailBook FAQ:
> http://www.snailbook.com/faq/restricted-scp.auto.html
> But unfortunately there are no examples of how to achieve this. It only
> mentions: "The simplest way to do this is to make the target account
> special-purpose, by giving it a shell which only allows running the
> file-transfer server."
> Does anyone know how I can achieve this?
> Many thanks
> Regards

add user,
shell: /sbin/nologin
change password (if needed).
Not tried, but logically would work.
Martin Gagnon *nix forums beginner
Joined: 06 Dec 2005
Posts: 15
Posted: Tue Jul 18, 2006 11:47 am
Post subject: Re: Allow user to SCP but not to SSH
On 2006-07-18, Tim Judd <tjudd01@hotmail.com> wrote:
> syn_NOSPAM_uw wrote:
>> Hello,
>> I would like to create a user account where the user can transfer files
>> using scp but he shouldn't be allowed to log in using SSH or run any
>> other commands. I've found this in the SnailBook FAQ:
>> http://www.snailbook.com/faq/restricted-scp.auto.html
>> But unfortunately there are no examples of how to achieve this. It only
>> mentions: "The simplest way to do this is to make the target account
>> special-purpose, by giving it a shell which only allows running the
>> file-transfer server."
>> Does anyone know how I can achieve this?
>> Many thanks
>> Regards
>
> add user,
> shell: /sbin/nologin
> change password (if needed).
> Not tried, but logically would work.

I've tried.. it works..
You may want to disable FTP access for that user, if you are running an FTP
daemon, by adding that user to "/etc/ftpusers".
--
Martin