[ Whoops, sent this from the wrong account the first time... ]

> > How do I configure my Redhat 7.3 box so that users can scp files but not
> > ssh into their accounts?
>
> I suspect adding the desired bogus shell to /etc/shells will solve the
> problem for you. (See the shells(5) man page.)

I suspect this won't work. Scp is nothing but a hardcoded command
running over an ssh channel. When you scp a file to a remote host, your
local host makes an ssh connection to the remote system and then runs a
specific command on that remote system -- which means that you have to
have a shell that, minimally, accepts the '-c <command>' command line
option.

For example, the following command:

  scp file remotehost:

Is largely equivalent to:

  ssh remotehost <shell> -c "scp -t ."

Anything that prevents ssh from working will prevent scp from working,
so dummy shells like /bin/false simply won't work.

There are two ways to solve this problem:

(1) You can create a custom shell that restricts the commands
    available to users connecting via ssh, or

(2) If you're using key-based authentication, you can restrict
    connections to a particular command with options in your
    authorized_keys file. See the 'AUTHORIZED_KEYS FILE FORMAT'
    section of the sshd man page (OpenSSH 3.x; possibly 2.x).

See:

  http://www.snailbook.com/faq/restricted-scp.auto.html

For some additional information.

-- Lars

-- 
Lars Kellogg-Stedman <lars at larsshack.org>
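
Option (1) from the message above, as an added example (not code from the original post or from OpenSSH): a login shell that accepts `-c <command>` but runs only the server-side scp commands. The function names, the `scponly-sh` script name and the set of permitted scp flags are assumptions.

```shell
#!/bin/sh
# Added example: scp-only login shell. Script name "scponly-sh" is an assumption.
# sshd runs the account's shell as: <shell> -c "scp -t ."  (upload, -f for download)

# Return 0 only for a server-side scp command with no shell metacharacters.
scp_command_allowed() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ._/-]*) return 1 ;;  # rejects ; | & $ ` quotes, globs, newlines
    esac
    set -f; set -- $cmd; set +f            # split on whitespace without globbing
    [ "$1" = "scp" ] || return 1
    shift
    mode=
    while [ $# -gt 1 ]; do
        case $1 in
            -t|-f) mode=$1 ;;              # "to" / "from" server modes
            -r|-p|-d|-v) ;;                # flags the client may add (assumed set)
            *) return 1 ;;
        esac
        shift
    done
    [ -n "$mode" ] || return 1
    case $1 in -*) return 1 ;; esac        # last word must be a path, not an option
    return 0
}

# Entry point: anything other than an allowed "-c <scp command>" is refused,
# including an interactive login (no arguments).
scponly_main() {
    if [ "$1" = "-c" ] && scp_command_allowed "$2"; then
        set -f
        exec $2                            # word-split only, never eval'd by a shell
    fi
    echo "This account is restricted to scp." >&2
    return 1
}

# Run only when installed under the assumed name, so the file can also be sourced.
case ${0##*/} in
    scponly-sh) scponly_main "$@"; exit $? ;;
esac
```

For option (2), the same check can be applied to `$SSH_ORIGINAL_COMMAND` from a script named in a forced `command="..."` entry in authorized_keys. Current OpenSSH scp clients use the SFTP protocol by default, so only legacy-mode transfers (`scp -O`) arrive as `scp -t` / `scp -f` commands.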