Re: Creating account with SCP ONLY
From: Eric W. Bates (ericx_at_vineyard.net)
Date: 08/21/03
- Previous message: jedit-devel-admin_at_lists.sourceforge.net: "Your message to jEdit-devel awaits moderator approval"
- In reply to: Andrew Thompson: "Re: Creating account with SCP ONLY"
- Next in thread: Eric W. Bates: "Re: Creating account with SCP ONLY"
- Reply: Eric W. Bates: "Re: Creating account with SCP ONLY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: "Andrew Thompson" <andy@fud.org.nz>, "Ralph Forsythe" <rf-list@centerone.com> Date: Thu, 21 Aug 2003 10:46:41 -0400
----- Original Message -----
From: "Andrew Thompson" <andy@fud.org.nz>
To: "Ralph Forsythe" <rf-list@centerone.com>
Cc: <freebsd-isp@freebsd.org>
Sent: Thursday, August 21, 2003 1:30 AM
Subject: Re: Creating account with SCP ONLY
> On Thu, 2003-08-21 at 17:25, Ralph Forsythe wrote:
> > Since we're talking about limiting ssh access right now... I need to
> > create user accounts that cannot use the shell, but can still move files
> > around via scp/sftp. We have FTP disabled, and as we start to bring users
> > online I do not want them having shell capabilities for security reasons.
> >
>
> /usr/ports/shells/scponly
I was interested to learn of this port and we tried it this morning.; but we can't make it work.
Setting debug level 2 in /usr/local/etc/scponly/debuglevel we get denied:
** ericx@king1 ** ~ ** Thu Aug 21 10:40:55
$ scp bdrtest@k2:/usr/local/customers/customers.king2/bdrtest/personal/foo.txt .
bdrtest@king2.vineyard.net's password:
[48256]: 3 arguments in total.
[48256]: arg 0 is scponly
[48256]: arg 1 is -c
[48256]: arg 2 is scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt
[48256]: opened log at LOG_AUTHPRIV, opts 0x00000029
[48256]: retrieved home directory of "/usr/local/customers/customers.king2/./bdrtest" for user "bdrtest"
[48256]: setting uid to 3575
[48256]: processing request: "scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt"
[48256]: denied request: scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt [username: bdrtest(3575), IP/port: 204.17.195.90 1483 22]
Apparantly this question has been asked on the scponly mailing list; but never answered.
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: jedit-devel-admin_at_lists.sourceforge.net: "Your message to jEdit-devel awaits moderator approval"
- In reply to: Andrew Thompson: "Re: Creating account with SCP ONLY"
- Next in thread: Eric W. Bates: "Re: Creating account with SCP ONLY"
- Reply: Eric W. Bates: "Re: Creating account with SCP ONLY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|