Limiting a user to scp and not ssh

George Toft plug-discuss@lists.plug.phoenix.az.us
Thu, 20 Jun 2002 16:34:38 -0400


I tried that, and could not scp any files.

George


Bill Warner wrote:
> 
> You're probably better off just setting their shell to /bin/false in
> /etc/passwd.
> 
> If there is ever any kind of security hole in scp that someone could
> exploit they could get into your box with your current setup.
> 
> Bill Warner
> 
> On Wed, 2002-06-19 at 18:48, Matt Alexander wrote:
> > I'm trying to configure a box so people can scp files to it, but can't
> > actually ssh in.  I created a script named scpsh with this in it:
> >
> > #!/bin/sh
> > #
> > exec /usr/bin/scp -t "$HOME"
> >
> >
> > Then I added scpsh to /etc/shells and made it their shell in
> > /etc/passwd.
> > So now users can use scp to copy files over just fine, but when they try
> > to ssh, it sits there until they hit a key, at which point they get:
> >
> > scp: protocol error: unexpected <newline>
> > Connection to 1.2.3.4 closed.
> >
> >
> > Is this the best way to handle this?  Is there a better way that anyone
> > knows of?
> > Thanks,
> > ~M
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> > post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> --
> Bill Warner
> Unix/Linux Admin.
> Direct Alliance Corporation
> 
> Company required stuff:
> 
> Contents are Direct Alliance Corporation Confidential
> 
> This message is for the designated recipient(s) only and contains
> Direct Alliance Corporation privileged and confidential information.
> If you have received it in error, please notify the sender immediately
> and delete the original. Any other use of this email is prohibited.
> 

--
If you feel you have received a virus from me, please read
	http://www.georgetoft.com/virus.html
because it wasn't me!
--
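
The thread turns on how sshd uses the account's login shell: every remote command, including the `scp -t` or `scp -f` that a legacy-protocol scp client requests, is run as `<shell> -c '<command>'`, while an interactive ssh login starts the shell with no `-c`. The sketch below is an added example, not code from the thread; it shows a wrapper shell that checks that request instead of running scp unconditionally. The function names and sample requests are hypothetical, it assumes the default `IFS`, and it refuses paths that need quoting.

```shell
#!/bin/sh
# Added example (hypothetical names): decision logic for an scp-only login shell.
# sshd starts the login shell as `<shell> -c '<command>'`; an interactive ssh
# login passes no -c. A legacy-protocol scp client requests
# `scp [-r] [-p] [-d] [-v] -t <dir>` (upload) or `... -f <path>` (download).
LC_ALL=C   # make the A-Z / a-z ranges below mean ASCII only

# scp_only_check ARGS...: prints allow or deny:<reason>; returns 0 only for allow.
scp_only_check() {
    [ "$#" -eq 2 ] && [ "$1" = "-c" ] || { echo "deny:interactive"; return 1; }
    set -f; set -- $2; set +f    # split into words without glob expansion
    [ "$1" = "scp" ] || { echo "deny:not-scp"; return 1; }
    shift
    mode= path=
    for w in "$@"; do
        case $w in
            # Allowlist of characters: chaining, substitution and quoting are refused.
            *[!A-Za-z0-9._/-]*) echo "deny:metachar"; return 1 ;;
            -t|-f) [ -z "$mode" ] || { echo "deny:mode"; return 1; }; mode=$w ;;
            -r|-p|-d|-v) ;;
            -*) echo "deny:option"; return 1 ;;
            *) [ -z "$path" ] || { echo "deny:args"; return 1; }; path=$w ;;
        esac
    done
    [ -n "$mode" ] && [ -n "$path" ] || { echo "deny:incomplete"; return 1; }
    echo "allow"
}

# Entry point when installed as the login shell: run the vetted scp or refuse.
scp_only_main() {
    scp_only_check "$@" >/dev/null || { echo "This account is limited to scp." >&2; return 1; }
    set -f; set -- $2; set +f; shift
    exec /usr/bin/scp "$@"
}

# Constructed sample requests (not from the thread), as sshd would pass them.
for c in 'scp -t .' 'scp -r -f /srv/out' 'scp -t /tmp; id' 'sh -i'; do
    printf '%-20s -> %s\n' "$c" "$(scp_only_check -c "$c")"
done
printf '%-20s -> %s\n' '(interactive login)' "$(scp_only_check)"
# Installed as a shell, the file would instead end with: scp_only_main "$@"
```

The wrapper only decides whether scp runs; what scp can then read or write is still governed by the account's file permissions.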