Limiting a user to scp and not ssh

Mike plug-discuss@lists.plug.phoenix.az.us
Thu, 20 Jun 2002 12:09:53 -0500


I seem to recall a setup which uses the keys in ssh to restrict
access. I think I read this in SysAdmin a few (many?) months ago.
Not sure if this would apply to your situation, but it may warrant
further investigation.

v/r
Mike

On Thu, Jun 20, 2002 at 09:41:07AM -0700, Bill Warner wrote:
 You're probably better off just setting their shell to /bin/false in
 /etc/passwd.
 
 If there is ever any kind of security hole in scp that someone could
 exploit they could get into your box with your current setup.
 
 Bill Warner
 
 On Wed, 2002-06-19 at 18:48, Matt Alexander wrote:
 > I'm trying to configure a box so people can scp files to it, but can't
 > actually ssh in.  I created a script named scpsh with this in it:
 > 
 > #!/bin/sh
 > #
 > exec /usr/bin/scp -t "$HOME"
 > 
 > 
 > Then I added scpsh to /etc/shells and made it their shell in
 > /etc/passwd.
 > So now users can use scp to copy files over just fine, but when they try
 > to ssh, it sits there until they hit a key, at which point they get:
 > 
 > scp: protocol error: unexpected <newline>
 > Connection to 1.2.3.4 closed.
 > 
 > 
 > Is this the best way to handle this?  Is there a better way that anyone
 > knows of?
 > Thanks,
 > ~M
 > 
 > ________________________________________________
 > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
 > post to the list quickly and you use Netscape to write mail.
 > 
 > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
 > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
 -- 
 Bill Warner
 Unix/Linux Admin.
 Direct Alliance Corporation
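
Mike's message points at per-key restrictions in ssh. One way to do that, as an added example that is not from the thread: an OpenSSH `authorized_keys` forced command whose wrapper checks `SSH_ORIGINAL_COMMAND` and accepts only scp uploads. The script name, its install path and the `--enforce` switch are assumptions.

```sh
#!/bin/sh
# scp-only: hypothetical wrapper; name, path and --enforce are assumptions.
# Install per key in ~/.ssh/authorized_keys (key material elided):
#   command="/usr/local/bin/scp-only --enforce",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... user@host
# sshd then runs this script for that key, whatever the client requested,
# and passes the client's request in SSH_ORIGINAL_COMMAND.

# Return 0 only for an scp upload request (sink mode, "scp -t <path>").
scp_upload_allowed() {
    req=$1
    case $req in
        '') return 1 ;;                     # no command: interactive login
        *[!A-Za-z0-9\ ./_-]*) return 1 ;;   # character outside the safe set
    esac
    set -f; set -- $req; set +f             # split on blanks, no globbing
    [ "$1" = scp ] || return 1
    shift
    seen_t=no
    while [ $# -gt 1 ]; do                  # every word except the last
        case $1 in
            -t) seen_t=yes ;;
            -v|-p|-d) ;;                    # flags a client may add to -t
            *) return 1 ;;                  # -f (download), -r, anything else
        esac
        shift
    done
    [ "$seen_t" = yes ] || return 1
    case $1 in -*) return 1 ;; esac         # last word must be a path
    return 0
}

# Enforce: refuse everything else, then receive files into $HOME only,
# ignoring the path the client asked for (as the scpsh script above does).
scp_only_main() {
    if ! scp_upload_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        echo "this key may only upload files with scp" >&2
        exit 1
    fi
    exec /usr/bin/scp -t "$HOME"
}

if [ "${1:-}" = --enforce ]; then
    scp_only_main
else                                        # demo on constructed requests
    for sample in 'scp -t incoming' 'scp -f /etc/passwd' '' 'scp -t x; sh'; do
        if scp_upload_allowed "$sample"; then verdict=allow; else verdict=deny; fi
        printf '%-5s [%s]\n' "$verdict" "$sample"
    done
fi
```

Clients from OpenSSH 9.0 onward use the SFTP protocol for scp by default, so they need `scp -O` to send the `scp -t` request this wrapper accepts.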