Limiting a user to scp and not ssh
Logan Kennelly
plug-discuss@lists.plug.phoenix.az.us
Thu, 20 Jun 2002 14:36:36 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 20 June 2002 01:34 pm, Bill Warner wrote:
> I didn't think you needed to have a valid shell to run scp.
You need a valid shell to do anything with ssh. Essentially, scp and sftp
are wrappers for ssh that call '$SHELL -c scp/sftp'.
With the commercial ssh, there is a program called ssh-dummy-shell, but this
program is not available with OpenSSH. The following "shell" should do the
same thing. Note that it only allows scp and not sftp connections.
- --------
#include <string.h>
int main(int argc, char** argv) {
if (--argc == 2 && strcmp("-c", *++argv) == 0 &&
strcmp("scp", *++argv) == 0) {
execl(SFTPSERVERPATH, SFTPSERVERPATH, NULL);
}
exit(0);
}
- --------
Note that I have _not_ tested the above code, so wait for the reviews to
poor in. ;-)
- --
Logan Kennelly
,,,
(. .)
- --ooO-(_)-Ooo--
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9EkrqpNoctRtUIRQRAlkLAJ9MwNIusTLfWvOHdny/e0FqAFF4jwCcCxu3
Gj0XkEuJv2Vq/ATl7lfLUj4=
=1IX0
-----END PGP SIGNATURE-----