Limiting a user to scp and not ssh
plug-discuss@lists.plug.phoenix.az.us
Thu, 20 Jun 2002 14:10:24 -0700
How about this:
- Set the user's shell to /bin/false
- Edit your sshd.conf file to allow logins without a valid shell
The results should allow you to run scp to copy files, but when ssh is run,
it will start /bin/false as the default shell -- thereby immediately logging
you out again.
--
Thomas "Mondoshawan" Tate
mondoshawan@tank.dyndns.org
http://tank.webhop.org
On Thu, Jun 20, 2002 at 01:34:50PM -0700, Bill Warner wrote:
> I didn't think you needed to have a valid shell to run scp.
>
> sorry
>
> Bill W
>
> On Thu, 2002-06-20 at 09:57, Matt Alexander wrote:
> > Uhhh... but I want them to be able to scp to my box. If I set their
> > shell to /bin/false, they can't scp in.
> >
> >
> > On 20 Jun 2002, Bill Warner wrote:
> >
> > > You're probably better off just setting their shell to /bin/false in
> > > /etc/passwd.
> > >
> > > If there is ever any kind of security hole in scp that someone could
> > > exploit they could get in to your box with your current setup.
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> > post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> --
> Bill Warner
> Unix/Linux Admin.
> Direct Alliance Corporation
>
> Company required stuff:
>
> Contents are Direct Alliance Corporation Confidential
>
> This message is for the designated recipient(s) only and contains
> Direct Alliance Corporation privileged and confidential information.
> If you have received it in error, please notify the sender immediately
> and delete the original. Any other use of this email is prohibited.