Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

disable ssh access

Posted on 2010-09-23
6
Medium Priority
?
1,056 Views
Last Modified: 2013-12-07
I have a centos5 server that i need to give a user access to. The server houses lots of sensitive info that I don't want to the user to be able to see. All I want them to be able to do is rsync their data out of their home directory and onto their local machine. I suppose there are many ways to do this, but i'm hoping there's an easy/str8 fwd way to do it.
0
Comment
Question by:machrisod
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:willettmeister
ID: 33745888
use the /etc/hosts.allow file and set it up so that you can only ssh from your network.
0
 

Author Comment

by:machrisod
ID: 33755759
is there a way to give them ssh but limit the commands they can run to just a few?
0
 
LVL 11

Expert Comment

by:willettmeister
ID: 33756086
You can give them ssh and then limit their access to the files system by having them use sudo.  That way they would only have access to the files they own and then what ever commands they are allowed to run that you specify in the sudoers file.
0
Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

 

Accepted Solution

by:
machrisod earned 0 total points
ID: 33756177
Thanks, but I just found a more elegant solution using rssh.

1) install rssh if you don't have it.
For ex on centos:
# wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.i386.rpm
# rpm -ivh rssh-2.3.2-1.2.el5.rf.i386.rpm
or ubuntu
$ sudo apt-get install rssh

2) add a user or mod an existing one to use rssh
new user:
# useradd -m -d /home/didi -s /usr/bin/rssh dickie
# passwd dickie
user mod:
# usermod -s /usr/bin/rssh dickie

3) tell rssh which commands can be run by users limited to rssh shell. Comment out lines like "allowrsync".
$ sudo vi /etc/rssh.conf

prettymuch i rule.

smell it.

-cap'n m@
0
 
LVL 11

Expert Comment

by:willettmeister
ID: 33756808
well with an attitude like that don't expect any more comments from me.
0
 

Author Comment

by:machrisod
ID: 33756969
thanks for the useful comment willettmeister. why is EE so full of people that cannot joke or have any fun whatsoever? did i miss the bitter personality questionnaire? i in NO way meant anything against you. i even said thanks. i just happened to answer my own question which seems common on this site. my joking attitude was towards the site not towards you. have a sweet day filled with rainbows, bro.

-me!
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question