allowing scp but not ssh
Cole Tuininga
colet at code-energy.com
Tue Jul 23 07:10:03 EDT 2002
On Mon, 2002-07-22 at 17:04, Struts User wrote:
> How do I configure my Redhat 7.3 box so that users can scp files but
> not ssh into their accounts? I tried setting their shell field in
> /etc/passwd to /bin/false or /sbin/nologin but both approaches also
> denied scp access.
The other option you have is something we did for Code Energy. Not only
did we want to do what you were talking about above, but we also wanted
to "chroot" folks doing the scp'ing. A guy I work with wrote a chroot
patch for sftp jails (http://www.coding-zone.com/chroot-sftp.phtml).
You set the statically compiled/chroot'd sftp binary as their shell.
Voila! No ssh shell access.
--
"Check out Snort. It sounds like a perfect match for you."
-Security Focus's "Security Basics" maillist
Cole Tuininga
Lead Developer
Code Energy, Inc
colet at code-energy.com
PGP Key ID: 0x43E5755D
More information about the Discuss
mailing list