Limiting a user to scp and not ssh

plug-discuss@lists.plug.phoenix.az.us
Thu, 20 Jun 2002 14:10:24 -0700


How about this:
    - Set the user's shell to /bin/false
    - Edit your sshd.conf file to allow logins without a valid shell
    
The results should allow you to run scp to copy files, but when ssh is run,
it will start /bin/false as the default shell -- thereby immediately logging
you out again.

-- 
Thomas "Mondoshawan" Tate
mondoshawan@tank.dyndns.org
http://tank.webhop.org

On Thu, Jun 20, 2002 at 01:34:50PM -0700, Bill Warner wrote:
> I didn't think you needed to have a valid shell to run scp.
> 
> sorry
> 
> Bill W
> 
> On Thu, 2002-06-20 at 09:57, Matt Alexander wrote:
> > Uhhh...  but I want them to be able to scp to my box.  If I set their
> > shell to /bin/false, they can't scp in.
> > 
> > 
> > On 20 Jun 2002, Bill Warner wrote:
> > 
> > > You're probably better off just setting their shell to /bin/false in
> > > /etc/passwd.
> > >
> > > If there is ever any kind of security hole in scp that someone could
> > > exploit they could get in to your box with your current setup.
> > 
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> > post to the list quickly and you use Netscape to write mail.
> > 
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> -- 
> Bill Warner
> Unix/Linux Admin.
> Direct Alliance Corporation
> 
> Company required stuff:
> 
> Contents are Direct Alliance Corporation Confidential
> 
> This message is for the designated recipient(s) only and contains
> Direct Alliance Corporation privileged and confidential information.
> If you have received it in error, please notify the sender immediately
> and delete the original. Any other use of this email is prohibited.
> 
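
Added example, not part of the thread: a small audit of which accounts can be used for scp at all, which is the point Matt raises in the quoted message. It assumes OpenSSH's behaviour of starting a requested remote command as `<login shell> -c "<command>"` (the legacy scp protocol asks for `scp -t <dir>` this way); the function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# sshd hands a requested remote command to the account's login shell as
#   <login shell> -c "<command>"
# so a shell that ignores -c (such as /bin/false) blocks scp as well as ssh.

# Constructed sample in /etc/passwd format (not taken from the thread).
SAMPLE_PASSWD='alice:x:1001:1001:Alice:/home/alice:/bin/sh
xfer:x:1002:1002:Copy only:/home/xfer:/bin/false
ghost:x:1003:1003:Stale:/home/ghost:/no/such/shell'

# Return 0 only if the given shell really executes a "-c" command string.
shell_runs_commands() {
    [ -x "$1" ] || return 1
    # </dev/null keeps the probe from eating the caller's stdin.
    out=$("$1" -c 'echo probe' 2>/dev/null </dev/null) || return 1
    [ "$out" = "probe" ]
}

# Read passwd-format lines on stdin, print "user shell verdict" per account.
audit_passwd() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        # An empty shell field means /bin/sh.
        [ -n "$shell" ] || shell=/bin/sh
        if shell_runs_commands "$shell"; then
            echo "$user $shell runs-remote-commands"
        else
            echo "$user $shell no-remote-commands"
        fi
    done
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

An account reported as no-remote-commands gets neither an interactive session nor a working scp; one reported as runs-remote-commands gets both unless sshd restricts it some other way.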