Solved

disable ssh access

Posted on 2010-09-23
Last Modified: 2013-12-07
I have a CentOS 5 server that I need to give a user access to. The server houses lots of sensitive info that I don't want the user to be able to see. All I want them to be able to do is rsync their data out of their home directory and onto their local machine. I suppose there are many ways to do this, but I'm hoping there's an easy/straightforward way to do it.
Question by:machrisod
6 Comments
 
LVL 11

Expert Comment

by:willettmeister
ID: 33745888
Use the /etc/hosts.allow file and set it up so that you can only ssh from your network.

Author Comment

by:machrisod
ID: 33755759
Is there a way to give them ssh but limit the commands they can run to just a few?
LVL 11

Expert Comment

by:willettmeister
ID: 33756086
You can give them ssh and then limit their access to the file system by having them use sudo. That way they would only have access to the files they own and then whatever commands they are allowed to run that you specify in the sudoers file.

Accepted Solution

by:
machrisod earned 0 total points
ID: 33756177
Thanks, but I just found a more elegant solution using rssh.

1) Install rssh if you don't have it.
For example, on CentOS:
# wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.i386.rpm
# rpm -ivh rssh-2.3.2-1.2.el5.rf.i386.rpm
or on Ubuntu:
$ sudo apt-get install rssh

2) Add a user or modify an existing one to use rssh
new user:
# useradd -m -d /home/didi -s /usr/bin/rssh dickie
# passwd dickie
user mod:
# usermod -s /usr/bin/rssh dickie

3) Tell rssh which commands can be run by users limited to the rssh shell. Comment out lines like "allowrsync".
$ sudo vi /etc/rssh.conf

Pretty much I rule.

Smell it.

-cap'n m@
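
An added example, not part of the original post: a shell check that an account set up this way really is rsync-only. It assumes rssh enables a protocol only when its allow* line in rssh.conf is present and uncommented; the sample config and passwd lines below are constructed.

```shell
#!/bin/sh
# Added example: audit rssh.conf text and passwd text for an rsync-only account.

# Constructed sample of /etc/rssh.conf (sftp left enabled to show a failure).
SAMPLE_CONF='# rssh.conf (constructed sample)
logfacility = LOG_USER
#allowscp
allowsftp
#allowcvs
#allowrdist
allowrsync
umask = 022'

# Constructed sample passwd lines, using the account from the post.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
dickie:x:501:501::/home/didi:/usr/bin/rssh'

# enabled_protocols CONF_TEXT -> space-separated active allow* keywords
enabled_protocols() {
    printf '%s\n' "$1" | awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^allow(scp|sftp|cvs|rdist|rsync)$/ { out = out (out ? " " : "") $0 }
        END { print out }'
}

# login_shell PASSWD_TEXT USER -> the user's login shell (7th passwd field)
login_shell() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $7 }'
}

# audit_rsync_only CONF_TEXT PASSWD_TEXT USER
# Returns 0 only if USER's shell is rssh and rsync is the sole enabled protocol.
audit_rsync_only() {
    protos=$(enabled_protocols "$1")
    shell=$(login_shell "$2" "$3")
    case "$shell" in
        */rssh) ;;
        *) echo "FAIL: $3 has shell '${shell:-none}', not rssh"; return 1 ;;
    esac
    if [ "$protos" != "allowrsync" ]; then
        echo "FAIL: enabled protocols are '${protos:-none}', expected only allowrsync"
        return 1
    fi
    echo "OK: $3 is limited to rsync via rssh"
}

# Demo on the constructed sample: reports FAIL because allowsftp is active.
audit_rsync_only "$SAMPLE_CONF" "$SAMPLE_PASSWD" dickie || true
```

On a live host, pass `"$(cat /etc/rssh.conf)"` and `"$(getent passwd)"` in place of the sample strings.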
LVL 11

Expert Comment

by:willettmeister
ID: 33756808
Well, with an attitude like that, don't expect any more comments from me.

Author Comment

by:machrisod
ID: 33756969
Thanks for the useful comment, willettmeister. Why is EE so full of people that cannot joke or have any fun whatsoever? Did I miss the bitter personality questionnaire? I in NO way meant anything against you. I even said thanks. I just happened to answer my own question, which seems common on this site. My joking attitude was towards the site, not towards you. Have a sweet day filled with rainbows, bro.

-me!
