Re: Creating account with SCP ONLY

From: Eric W. Bates (ericx_at_vineyard.net)
Date: 08/21/03

  • Next message: P. Lozancic: "Re: Thank you!" 
    To: "Eric W. Bates" <ericx@vineyard.net>, "Andrew Thompson" <andy@fud.org.nz>, "Ralph Forsythe" <rf-list@centerone.com>
Date: Thu, 21 Aug 2003 12:55:22 -0400

    Fixed.

    The port doesn't work unless you set at least one of the Makefile options.

    ----- Original Message -----
    From: "Eric W. Bates" <ericx@vineyard.net>
    To: "Andrew Thompson" <andy@fud.org.nz>; "Ralph Forsythe" <rf-list@centerone.com>
    Cc: <freebsd-isp@freebsd.org>
    Sent: Thursday, August 21, 2003 10:46 AM
    Subject: Re: Creating account with SCP ONLY


    >
    > ----- Original Message -----
    > From: "Andrew Thompson" <andy@fud.org.nz>
    > To: "Ralph Forsythe" <rf-list@centerone.com>
    > Cc: <freebsd-isp@freebsd.org>
    > Sent: Thursday, August 21, 2003 1:30 AM
    > Subject: Re: Creating account with SCP ONLY
    >
    >
    > > On Thu, 2003-08-21 at 17:25, Ralph Forsythe wrote:
    > > > Since we're talking about limiting ssh access right now... I need to
    > > > create user accounts that cannot use the shell, but can still move files
    > > > around via scp/sftp. We have FTP disabled, and as we start to bring users
    > > > online I do not want them having shell capabilities for security reasons.
    > > >
    > >
    > > /usr/ports/shells/scponly
    >
    > I was interested to learn of this port and we tried it this morning.; but we can't make it work.
    >
    > Setting debug level 2 in /usr/local/etc/scponly/debuglevel we get denied:
    >
    > ** ericx@king1 ** ~ ** Thu Aug 21 10:40:55
    > $ scp bdrtest@k2:/usr/local/customers/customers.king2/bdrtest/personal/foo.txt .
    > bdrtest@king2.vineyard.net's password:
    > [48256]: 3 arguments in total.
    > [48256]: arg 0 is scponly
    > [48256]: arg 1 is -c
    > [48256]: arg 2 is scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt
    > [48256]: opened log at LOG_AUTHPRIV, opts 0x00000029
    > [48256]: retrieved home directory of "/usr/local/customers/customers.king2/./bdrtest" for user "bdrtest"
    > [48256]: setting uid to 3575
    > [48256]: processing request: "scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt"
    >
    > [48256]: denied request: scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt [username: bdrtest(3575), IP/port: 204.17.195.90 1483 22]
    >
    > Apparantly this question has been asked on the scponly mailing list; but never answered.
    >
    > > _______________________________________________
    > > freebsd-isp@freebsd.org mailing list
    > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
    > >


    --------------------------------------------------------------------------------


    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
    >

    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

  • Next message: P. Lozancic: "Re: Thank you!"

    Relevant Pages