Re: Creating account with SCP ONLY
From: Eric W. Bates (ericx_at_vineyard.net)
Date: 08/21/03
- Previous message: Eric W. Bates: "Re: Creating account with SCP ONLY"
- In reply to: Eric W. Bates: "Re: Creating account with SCP ONLY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: "Eric W. Bates" <ericx@vineyard.net>, "Andrew Thompson" <andy@fud.org.nz>, "Ralph Forsythe" <rf-list@centerone.com> Date: Thu, 21 Aug 2003 12:55:22 -0400
Fixed.
The port doesn't work unless you set at least one of the Makefile options.
----- Original Message -----
From: "Eric W. Bates" <ericx@vineyard.net>
To: "Andrew Thompson" <andy@fud.org.nz>; "Ralph Forsythe" <rf-list@centerone.com>
Cc: <freebsd-isp@freebsd.org>
Sent: Thursday, August 21, 2003 10:46 AM
Subject: Re: Creating account with SCP ONLY
>
> ----- Original Message -----
> From: "Andrew Thompson" <andy@fud.org.nz>
> To: "Ralph Forsythe" <rf-list@centerone.com>
> Cc: <freebsd-isp@freebsd.org>
> Sent: Thursday, August 21, 2003 1:30 AM
> Subject: Re: Creating account with SCP ONLY
>
>
> > On Thu, 2003-08-21 at 17:25, Ralph Forsythe wrote:
> > > Since we're talking about limiting ssh access right now... I need to
> > > create user accounts that cannot use the shell, but can still move files
> > > around via scp/sftp. We have FTP disabled, and as we start to bring users
> > > online I do not want them having shell capabilities for security reasons.
> > >
> >
> > /usr/ports/shells/scponly
>
> I was interested to learn of this port and we tried it this morning.; but we can't make it work.
>
> Setting debug level 2 in /usr/local/etc/scponly/debuglevel we get denied:
>
> ** ericx@king1 ** ~ ** Thu Aug 21 10:40:55
> $ scp bdrtest@k2:/usr/local/customers/customers.king2/bdrtest/personal/foo.txt .
> bdrtest@king2.vineyard.net's password:
> [48256]: 3 arguments in total.
> [48256]: arg 0 is scponly
> [48256]: arg 1 is -c
> [48256]: arg 2 is scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt
> [48256]: opened log at LOG_AUTHPRIV, opts 0x00000029
> [48256]: retrieved home directory of "/usr/local/customers/customers.king2/./bdrtest" for user "bdrtest"
> [48256]: setting uid to 3575
> [48256]: processing request: "scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt"
>
> [48256]: denied request: scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt [username: bdrtest(3575), IP/port: 204.17.195.90 1483 22]
>
> Apparantly this question has been asked on the scponly mailing list; but never answered.
>
> > _______________________________________________
> > freebsd-isp@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
> >
--------------------------------------------------------------------------------
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Eric W. Bates: "Re: Creating account with SCP ONLY"
- In reply to: Eric W. Bates: "Re: Creating account with SCP ONLY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
- RE: Mysterious "Support" account created on Win2k server
... Once a worm/trojan or an attacker successfully connect to a system via port ...
Once a system is compromised with an administrator account, ... > for guessing admin
ids and passwords. ... (Incidents) - RE: Mysterious "Support" account created on Win2k server
... port 445 worm/virus/Trojans are the ones spread via SMB over TCP, port 445, ...
Mysterious "Support" account created on Win2k server ... > For more information on this
free incident handling, ... > and tracking system please see: http://aris.securityfocus.com
... (Incidents) - Re: Freecycle leads to Yahoo email woes
... to get a Yahoo Account ID plus Password plus email address. ... From memory
it involved reasonably standard pop and smtp server names ... but SSL port numbers.
... (uk.people.silversurfers) - Re: Is QM a "low end" product?
... We have a conversion guide in the documentation set. ... setup and port
to OpenQM when - like me - you have ... specific account but this is optional. ...
Assuming that jBase can write R83 compatible ACCOUNT-SAVE tapes, ... (comp.databases.pick) - Re: [kde-linux] kmail - receiving mail with sbcglobal yahoo
... Port: 25 ... Authentication Method: Plain ... two email accounts
which give different errors, ... I just set up kmail with the above settings, ...
(KDE)