allowing scp but not ssh (here's how)
Scott Prive
Scott.Prive at
Fri Jul 26 10:15:51 EDT 2002
Really? I attempted to defeat this using your menthod, and I failed. Did I miss a step?
1) Create the environment file on another machine
$ cat .bash_profile
export PATH
2) copy it over (tried both .bash_profile and .bashrc).
NOTE that rbash at the other end, seems to parse the file right away, and barf
(The funny "Administrator" shell prompt here is a side effect of running Cygwin on my NT box)
Administrator at PRIVES ~/temp-area
$ scp .bash_profile qatest at tower15:/sfs/qatest/.bash_profile
qatest at tower15's password:
rbash: export: `/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/sfs/
qatest/bin': not a valid identifier
.bash_profile 100% |************************************************************| 95 00:00
Administrator at PRIVES ~/temp-area
$ scp .bash_profile qatest at tower15:/sfs/qatest/.bashrc
qatest at tower15's password:
rbash: export: `/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/sfs/
qatest/bin': not a valid identifier
.bash_profile 100% |************************************************************| 95 00:00
3) Attempt remote ssh login
Administrator at PRIVES ~/temp-area
$ ssh qatest at tower15
qatest at tower15's password:
We're sorry, but you do not have shell access to this machine.
Please contact the system administrator for support.
Connection to tower15 closed.
Administrator at PRIVES ~/temp-area
Did I miss something Alex, or does your circumvention method perhaps not work with rbash as the shell?
-----Original Message-----
From: Alex Pennace [mailto:alex at]
Sent: Thursday, July 25, 2002 5:19 PM
To: Scott Prive
Cc: Struts User; discuss at
Subject: Re: allowing scp but not ssh (here's how)
On Thu, Jul 25, 2002 at 04:39:41PM -0400, Scott Prive wrote:
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> NOW, since I can't ssh into the box as qatest...
> $ ssh root at tower15 grep qatest /etc/passwd
> root at tower15's password:
> Account:/sfs/qatest:/bin/rbash
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
To work around this, use scp to copy a shell script to qatest's
~/.bashrc and ~/.bash_profile that sets PATH to something normal, like
/bin:/usr/bin:/usr/local/bin. Shell access should be restored.
More information about the Discuss
mailing list