Solved

disable ssh access

Posted on 2010-09-23
6
1,044 Views
Last Modified: 2013-12-07
I have a centos5 server that i need to give a user access to. The server houses lots of sensitive info that I don't want to the user to be able to see. All I want them to be able to do is rsync their data out of their home directory and onto their local machine. I suppose there are many ways to do this, but i'm hoping there's an easy/str8 fwd way to do it.
0
Comment
Question by:machrisod
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:willettmeister
ID: 33745888
use the /etc/hosts.allow file and set it up so that you can only ssh from your network.
0
 

Author Comment

by:machrisod
ID: 33755759
is there a way to give them ssh but limit the commands they can run to just a few?
0
 
LVL 11

Expert Comment

by:willettmeister
ID: 33756086
You can give them ssh and then limit their access to the files system by having them use sudo.  That way they would only have access to the files they own and then what ever commands they are allowed to run that you specify in the sudoers file.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Accepted Solution

by:
machrisod earned 0 total points
ID: 33756177
Thanks, but I just found a more elegant solution using rssh.

1) install rssh if you don't have it.
For ex on centos:
# wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.i386.rpm
# rpm -ivh rssh-2.3.2-1.2.el5.rf.i386.rpm
or ubuntu
$ sudo apt-get install rssh

2) add a user or mod an existing one to use rssh
new user:
# useradd -m -d /home/didi -s /usr/bin/rssh dickie
# passwd dickie
user mod:
# usermod -s /usr/bin/rssh dickie

3) tell rssh which commands can be run by users limited to rssh shell. Comment out lines like "allowrsync".
$ sudo vi /etc/rssh.conf

prettymuch i rule.

smell it.

-cap'n m@
0
 
LVL 11

Expert Comment

by:willettmeister
ID: 33756808
well with an attitude like that don't expect any more comments from me.
0
 

Author Comment

by:machrisod
ID: 33756969
thanks for the useful comment willettmeister. why is EE so full of people that cannot joke or have any fun whatsoever? did i miss the bitter personality questionnaire? i in NO way meant anything against you. i even said thanks. i just happened to answer my own question which seems common on this site. my joking attitude was towards the site not towards you. have a sweet day filled with rainbows, bro.

-me!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question