asked on
Allowing FTP,SFTP and SCP while blocking ssh
Hi,
Our requirement is to allow a user to have ftp(& also scp) access while at the same time disallowing ssh access to a SuSE Linux 9.0 box. So I created the testuser and in the /etc/passwd file changed the shell from /bin/bash to /bin/false. This did the trick for ftp .... but the problem is when I try to scp to this machine using:
scp filename testuser@www.oursite.com:
I get an error saying "lost connection".
If I use a GUI ftp client(like winscp), then the error is more descriptive, it says:
"Error skipping startup message. Your shell is probably incompatible with the application(BASH is recommended)"
Is it possible at all to allow scp while keeping ssh blocked? If yes, how?
Our requirement is to allow a user to have ftp(& also scp) access while at the same time disallowing ssh access to a SuSE Linux 9.0 box. So I created the testuser and in the /etc/passwd file changed the shell from /bin/bash to /bin/false. This did the trick for ftp .... but the problem is when I try to scp to this machine using:
scp filename testuser@www.oursite.com:
I get an error saying "lost connection".
If I use a GUI ftp client(like winscp), then the error is more descriptive, it says:
"Error skipping startup message. Your shell is probably incompatible with the application(BASH is recommended)"
Is it possible at all to allow scp while keeping ssh blocked? If yes, how?
Linux
Last Comment
CetusMOD
ASKER
I should have mentioned....we are using openssh(ver 3.7.1p2). Does this have a similar dummy-shell thing?
ASKER
Also, the user may be allowed ssh.......as long as the user cannot go anywhere except his home directory....that would also do.
That's a completely different problem, but also solvable:
http://www.linuxsecurity.com/component/option,com_weblinks/task,view/catid,155/id,113/
chroot login HOWTO
http://olivier.sessink.nl/jailkit/howtos_ssh_only.html
jailkit howto - ssh only shell in a chroot jail
http://www.linuxsecurity.com/component/option,com_weblinks/task,view/catid,155/id,113/
chroot login HOWTO
http://olivier.sessink.nl/jailkit/howtos_ssh_only.html
jailkit howto - ssh only shell in a chroot jail
ASKER
Ok...I found the simplest (and the best) solution....scponly. Here are the details:
http://www.sublimation.org/scponly/#download
Works like a charm!!
http://www.sublimation.org/scponly/#download
Works like a charm!!
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
"How do I allow a user to use scp or sftp, but not allow regular ssh (i.e. forbid getting a shell or running other programs)?"