Solved

disable ssh access

Posted on 2010-09-23
6
1,042 Views
Last Modified: 2013-12-07
I have a centos5 server that i need to give a user access to. The server houses lots of sensitive info that I don't want to the user to be able to see. All I want them to be able to do is rsync their data out of their home directory and onto their local machine. I suppose there are many ways to do this, but i'm hoping there's an easy/str8 fwd way to do it.
0
Comment
Question by:machrisod
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:willettmeister
ID: 33745888
use the /etc/hosts.allow file and set it up so that you can only ssh from your network.
0
 

Author Comment

by:machrisod
ID: 33755759
is there a way to give them ssh but limit the commands they can run to just a few?
0
 
LVL 11

Expert Comment

by:willettmeister
ID: 33756086
You can give them ssh and then limit their access to the files system by having them use sudo.  That way they would only have access to the files they own and then what ever commands they are allowed to run that you specify in the sudoers file.
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 

Accepted Solution

by:
machrisod earned 0 total points
ID: 33756177
Thanks, but I just found a more elegant solution using rssh.

1) install rssh if you don't have it.
For ex on centos:
# wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.i386.rpm
# rpm -ivh rssh-2.3.2-1.2.el5.rf.i386.rpm
or ubuntu
$ sudo apt-get install rssh

2) add a user or mod an existing one to use rssh
new user:
# useradd -m -d /home/didi -s /usr/bin/rssh dickie
# passwd dickie
user mod:
# usermod -s /usr/bin/rssh dickie

3) tell rssh which commands can be run by users limited to rssh shell. Comment out lines like "allowrsync".
$ sudo vi /etc/rssh.conf

prettymuch i rule.

smell it.

-cap'n m@
0
 
LVL 11

Expert Comment

by:willettmeister
ID: 33756808
well with an attitude like that don't expect any more comments from me.
0
 

Author Comment

by:machrisod
ID: 33756969
thanks for the useful comment willettmeister. why is EE so full of people that cannot joke or have any fun whatsoever? did i miss the bitter personality questionnaire? i in NO way meant anything against you. i even said thanks. i just happened to answer my own question which seems common on this site. my joking attitude was towards the site not towards you. have a sweet day filled with rainbows, bro.

-me!
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Because your company can’t afford for you to make SEO mistakes, you’ll want to ensure you’re taking the right steps each and every time you post a new piece of content. This list of optimization do’s and don’ts can help you become an SEO wizard.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question