From owner-freebsd-questions Fri Oct 12 21:54:56 2001 Delivered-To: freebsd-questions@freebsd.org Received: from koza.acecape.com (koza2.acecape.com [66.9.36.222]) by hub.freebsd.org (Postfix) with ESMTP id 8430037B412 for ; Fri, 12 Oct 2001 21:54:52 -0700 (PDT) Received: from p65-147.acedsl.com (p65-147.acedsl.com [66.114.65.147]) by koza.acecape.com (8.10.1/8.9.3) with ESMTP id f9D4sj920163; Sat, 13 Oct 2001 00:54:45 -0400 (EDT) Date: Sat, 13 Oct 2001 00:59:00 -0400 (EDT) From: Francisco Reyes X-X-Sender: To: Cc: FreeBSD Questions List Subject: Re: Automating ssh connections so only one command would run. In-Reply-To: <20011011224233.G293@blossom.cjclark.org> Message-ID: <20011013005710.A10822-100000@zoraida.natserv.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 11 Oct 2001, Crist J. Clark wrote: > On Thu, Oct 11, 2001 at 11:38:34PM -0400, Francisco Reyes wrote: > > I followed several tutorials on how to automate ssh connections, but I > > would like to restrict the connection so only scp would run. > > scp(1) and ssh(1) are not really designed to work this way. Even if > you can limit users to scp(1), Do you know? That is what I am trying to find. >it is trivial to slip commands through scp(1), >$ scp 'remote:somefile;touch /tmp/scp_test' . > And check for /tmp/scp_test on the remote machine. I don't see how this is a security problem. Could you explain? Automating scp may not be the most secure way to copy data, but is there a better way? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message