Re: Creating account with SCP ONLY
From: Eric W. Bates (ericx_at_vineyard.net)
Date: 08/21/03
- Previous message: Eric W. Bates: "Re: Creating account with SCP ONLY"
- In reply to: Eric W. Bates: "Re: Creating account with SCP ONLY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: "Eric W. Bates" <ericx@vineyard.net>, "Andrew Thompson" <andy@fud.org.nz>, "Ralph Forsythe" <rf-list@centerone.com> Date: Thu, 21 Aug 2003 12:55:22 -0400
Fixed.
The port doesn't work unless you set at least one of the Makefile options.
----- Original Message -----
From: "Eric W. Bates" <ericx@vineyard.net>
To: "Andrew Thompson" <andy@fud.org.nz>; "Ralph Forsythe" <rf-list@centerone.com>
Cc: <freebsd-isp@freebsd.org>
Sent: Thursday, August 21, 2003 10:46 AM
Subject: Re: Creating account with SCP ONLY
>
> ----- Original Message -----
> From: "Andrew Thompson" <andy@fud.org.nz>
> To: "Ralph Forsythe" <rf-list@centerone.com>
> Cc: <freebsd-isp@freebsd.org>
> Sent: Thursday, August 21, 2003 1:30 AM
> Subject: Re: Creating account with SCP ONLY
>
>
> > On Thu, 2003-08-21 at 17:25, Ralph Forsythe wrote:
> > > Since we're talking about limiting ssh access right now... I need to
> > > create user accounts that cannot use the shell, but can still move files
> > > around via scp/sftp. We have FTP disabled, and as we start to bring users
> > > online I do not want them having shell capabilities for security reasons.
> > >
> >
> > /usr/ports/shells/scponly
>
> I was interested to learn of this port and we tried it this morning.; but we can't make it work.
>
> Setting debug level 2 in /usr/local/etc/scponly/debuglevel we get denied:
>
> ** ericx@king1 ** ~ ** Thu Aug 21 10:40:55
> $ scp bdrtest@k2:/usr/local/customers/customers.king2/bdrtest/personal/foo.txt .
> bdrtest@king2.vineyard.net's password:
> [48256]: 3 arguments in total.
> [48256]: arg 0 is scponly
> [48256]: arg 1 is -c
> [48256]: arg 2 is scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt
> [48256]: opened log at LOG_AUTHPRIV, opts 0x00000029
> [48256]: retrieved home directory of "/usr/local/customers/customers.king2/./bdrtest" for user "bdrtest"
> [48256]: setting uid to 3575
> [48256]: processing request: "scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt"
>
> [48256]: denied request: scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt [username: bdrtest(3575), IP/port: 204.17.195.90 1483 22]
>
> Apparantly this question has been asked on the scponly mailing list; but never answered.
>
> > _______________________________________________
> > freebsd-isp@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
> >
--------------------------------------------------------------------------------
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Eric W. Bates: "Re: Creating account with SCP ONLY"
- In reply to: Eric W. Bates: "Re: Creating account with SCP ONLY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
